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About This Guide 


This Novell® GroupWise® 7 Administration Guide helps you maintain all components of your 
GroupWise system. The guide is divided into the following sections: 

+ “System” on page 35 

+ “Domains” on page 109 

+ “Post Offices” on page 153 

+ “Users” on page 201 

+ “Resources” on page 247 

¢ “Distribution Lists, Groups, and Organizational Roles” on page 261 

+ “Libraries and Documents” on page 291 

+ “Databases” on page 371 

+ “Post Office Agent” on page 461 

+ “Message Transfer Agent” on page 603 

+ “Internet Agent” on page 701 

+ “WebAccess” on page 853 

+ “Monitor” on page 963 

+ “Client” on page 1033 

+ “Security Administration” on page 1113 

+ “Security Policies” on page 1163 


+ “Documentation Updates” on page 1175 


Audience 


This guide is intended for those who administer a Group Wise system on NetWare, Linux, or 
Windows. Some background knowledge of the host operating system is assumed. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comment feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 


Documentation Updates 


For the most recent version of the GroupWise 7 Administration Guide, visit the Novell GroupWise 7 
documentation Web site (http://www.novell.com/documentation/gw7). 
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Additional Documentation 


For additional GroupWise documentation, see the following guides at the Novell GroupWise 7 
documentation Web site (http://www.novell.com/documentation/gw7): 

¢ Installation Guide 

+ Multi-System Administration Guide 

¢ Interoperability Guide 

+ Troubleshooting Guides 

+ GroupWise Client User Guides 

+ GroupWise Client Frequently Asked Questions (FAQ) 


Documentation Conventions 


In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and 
items in a cross-reference path. 


A trademark symbol Cc, TM, etc.) denotes a Novell trademark. An asterisk denotes a third-party 
trademark. 


When a single pathname can be written with a backslash for some platforms or a forward slash for 
other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as Linux*, should use forward slashes as required by your software. 


When a startup switch can be written with a forward slash for some platforms or a double hyphen for 
other platforms, the startup switch is presented with a forward slash. Users of platforms that require 
a double hyphen, such as Linux, should use double hyphens as required by your software. 
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+ Chapter 1, “GroupWise System Administration,” on page 37 
+ Chapter 2, “ConsoleOne Administration Tool,” on page 39 

+ Chapter 3, “GroupWise View,” on page 43 

+ Chapter 4, “GroupWise System Operations,” on page 51 

+ Chapter 5, “GroupWise Utilities,” on page 73 

¢ Chapter 6, “GroupWise Address Book,” on page 85 

+ Chapter 7, “Multilingual GroupWise Systems,” on page 105 
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GroupWise System Administration 


Asa GroupWise® system administrator, it is your responsibility to keep your GroupWise system 
running smoothly for your GroupWise users. This GroupWise 7 Administration Guide provides a 
wealth of information to help you accomplish this task. This System section provides an overview of 
the GroupWise administration tool, ConsoleOne®, and its capabilities. It summarizes administrative 
tasks that affect your GroupWise system as a whole and provides links to more specialized 
instructions. 


The following sections of the Administration Guide detail the eDirectory™ objects where 
Group Wise information is stored. Instructions are provided for creating and managing all 
Group Wise object types. 

+ “Domains” on page 109 

+ “Post Offices” on page 153 

+ “Users” on page 201 

+ “Resources” on page 247 

¢ “Distribution Lists, Groups, and Organizational Roles” on page 261 

+ “Libraries and Documents” on page 291 
The following sections of the Administration Guide detail the GroupWise software components that 
make your GroupWise system run. Instructions are provided for configuring, monitoring, and 
optimizing each software component. 

+ “Post Office Agent” on page 461 

+ “Message Transfer Agent” on page 603 

+ “Internet Agent” on page 701 

+ “WebAccess” on page 853 

+ “Monitor” on page 963 
The following additional sections of the Administration Guide provide supporting details and 
background information: 

+ “Databases” on page 371 

+ “Client” on page 1033 

+ “Security Administration” on page 1113 


+ “Security Policies” on page 1163 
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ConsoleOne Administration Tool 


Group Wise” is administered using ConsoleOne®, a Java*-based tool for managing your network 
and its resources. When you create your GroupWise system, GroupWise snap-ins are added to your 
ConsoleOne installation and GroupWise objects are created in Novell® eDirectory™. As you 
manage your GroupWise system, you use ConsoleOne to create additional GroupWise objects, 
modify GroupWise object properties, and so on. 





IMPORTANT: Because the GroupWise snap-ins to ConsoleOne are required in order to work with 
Group Wise objects, you cannot use other network management tools, such as Novell iManager, to 
administer your Group Wise system. Also, you should not use older network management tools, such 
as NetWare® Administrator, to administer your GroupWise system, unless your GroupWise system 
includes legacy gateways that require such tools to administer the corresponding Gateway objects 
and their properties. 


Because Group Wise is a cross-platform product, you might have components of your GroupWise 
system located on NetWare servers, Linux servers, and Windows* servers. You can run ConsoleOne 
on Windows or Linux to manage GroupWise domains and post offices located on any of these 
platforms. However, using Windows ConsoleOne to administer domains and post offices on 
NetWare and Windows servers, and using Linux ConsoleOne to administer domain and post offices 
on Linux servers is highly recommended to avoid potential cross-platform file access issues. 


+ Section 2.1, “ConsoleOne on Windows,” on page 39 
+ Section 2.2, “ConsoleOne on Linux,” on page 40 


+ Section 2.3, “ConsoleOne in a Multiple-Platform Environment,” on page 41 





NOTE: For a Group Wise system on NetWare, you cannot run ConsoleOne to administer 
Group Wise at the NetWare server console. The Group Wise Administrator snap-ins to ConsoleOne 
do not run in that environment. 





2.1 ConsoleOne on Windows 


You can run ConsoleOne on Windows on any Windows machine that meets the reguirements listed 
in “Group Wise Administration Requirements” in the Group Wise 7 Installation Guide. 


+ Section 2.1.1, “Installing ConsoleOne on Windows,” on page 39 


+ Section 2.1.2, “Starting ConsoleOne on Windows,” on page 40 


2.1.1 Installing ConsoleOne on Windows 


When you create your initial Group Wise system using the Group Wise Installation program 
(install.exe) on Windows, the Group Wise snap-ins to ConsoleOne are installed to the ConsoleOne 
installation on that machine. If necessary, you can install ConsoleOne itself to the machine where 
you are running the GroupWise Installation program. You are also given the opportunity to copy the 
Group Wise snap-ins to ConsoleOne into a GroupWise software distribution directory for later use. 
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After you have set up your GroupWise system, you can use the Group Wise Installation program to 
install ConsoleOne and the Group Wise snap-ins from the GroupWise 7 Administrator for NetWare/ 
Windows CD or you can run admin\install.exe to install the snap-ins from the software distribution 
directory to additional locations as needed. 


2.1.2 Starting ConsoleOne on Windows 


When you install ConsoleOne, a ConsoleOne icon is automatically created on your Windows 
desktop for starting ConsoleOne. 


Before you start ConsoleOne, turn off file caching in the Novell Client to protect database integrity. 


1 Right-click the red N in the notification area, then click Novell Client Properties. 
2 Click Advanced Settings, select File Caching, then select Off 
3 Click OK to save your change. 


2.2 ConsoleOne on Linux 


You can run ConsoleOne on Linux on any Linux machine that meets the requirements listed in 
“GroupWise Administration Requirements” in the GroupWise 7 Installation Guide. 


¢ Section 2.2.1, “Installing ConsoleOne on Linux,” on page 40 


¢ Section 2.2.2, “Starting ConsoleOne on Linux,” on page 41 


2.2.1 Installing ConsoleOne on Linux 


When you create your initial Group Wise system using the GroupWise Installation program 
(instal1) on Linux, ConsoleOne should already be installed before you begin. If you are running 
Novell Open Enterprise Server Linux, you can install ConsoleOne from YaST using Software > 
Install and Remove Software. Linux ConsoleOne is also available on the Novell Downloads page 
(http://download.novell.com/index.jsp). 


After ConsoleOne is installed, the GroupWise Installation program on Linux installs the GroupWise 
snap-ins to ConsoleOne to the ConsoleOne installation on that machine. You are also given the 
opportunity to copy the GroupWise Administration RPM into a GroupWise software distribution 
directory for later use. 


After you have set up your GroupWise system, you can use the GroupWise Installation program to 
install the GroupWise snap-ins from the GroupWise 7 Administrator for Linux CD or you can install 
the GroupWise Administration RPM from the admin subdirectory of the software distribution 
directory to install the snap-ins to additional locations as needed. 


ConsoleOne and the GroupWise Administrator snap-ins should be installed on each Linux server 
where a domain is located. For some administration tasks, ConsoleOne on the primary domain 
server needs to have secondary domain servers mounted. Depending on how you organize your 
Group Wise administration, you might also want to mount the primary domain server to each 
secondary domain server. Administrative messages can flow from one secondary domain to another 
through the primary domain. 
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2.2.2 Starting ConsoleOne on Linux 


1 Ina terminal window, become root by entering sux and the root password. 
The sux command enables the X Window System*, which is required for running 
ConsoleOne. 


2 Enter the following command: 
/usr/ConsoleOne/bin/ConsoleOne 


2.3 ConsoleOne in a Multiple-Platform 
Environment 


If your Group Wise system includes multiple platforms, you can administer Linux domains from 
Windows ConsoleOne or you can administer NetWare or Windows domains from Linux 
ConsoleOne. The cross-platform connections required for cross-platform GroupWise administration 
are described in the following sections of “Migration” in the GroupWise 7 Installation Guide: 

+ “Using Windows ConsoleOne to Access Domains and Post Offices on Linux” 


+ “Using Linux ConsoleOne to Access Domains and Post Offices on NetWare or Windows” 
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GroupWise View 


When administering GroupWise® in ConsoleOne®, you can use the standard Novell® eDirectory™ 
View or you can use the GroupWise View. The following sections discuss the GroupWise View and 
how to use it: 


+ 


Section 3.1, “eDirectory View vs. Group Wise View,” on page 43 


+ 


Section 3.2, “Group Wise Object Icons,” on page 44 


+ 


Section 3.3, “Customizing the GroupWise View,” on page 46 


+ 


Section 3.4, “Searching in the Group Wise View,” on page 48 


+ 


Section 3.5, “Performing Administrative Tasks from the Group Wise View,” on page 48 





NOTE: The ConsoleOne illustrations used in the guide show ConsoleOne on Windows. 
ConsoleOne on Linux appears different but provides substantially the same functionality. 





3.1 eDirectory View vs. GroupWise View 


The eDirectory View displays the GroupWise objects in their contexts in the eDirectory tree, as 
shown in the following example. 


Figure 3-1 eDirectory View 
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The GroupWise View filters out all non-Group Wise objects and shows how the Group Wise objects 
relate to each other in the Group Wise system, as shown in the following example. 
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Figure 3-2 GroupWise View 
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In the left pane, all Domain objects are displayed under the GroupWise system, and all Post Office 
objects are subordinate to the domains where they reside. You can select the GroupWise system, a 
domain, or a post office in the left pane and then use the drop-down list of GroupWise objects on the 
toolbar to display associated objects (Users, Resources, Message Transfer Agents, and so on) in the 
right pane. In the above example, the GroupWise System is selected in the left pane and the 

Group Wise Object list is set to Users, so the right pane is displaying all users in the entire 

Group Wise system. 


3.2 GroupWise Object Icons 


The following table lists all the GroupWise objects that are displayed in the eDirectory View or 
Group Wise View in ConsoleOne. 


Table 3-1 Object Icons 


Icon GroupWise Object Additional Information 


af 
A GroupWise System Represents the GroupWise system you are currently connected 
to. The GroupWise system's name is displayed in the lower left 
corner of the ConsoleOne window. 


3 Primary Domain Represents the system's primary domain. To ensure 
consistency, all replication of GroupWise information to the 
GroupWise domain and post office databases takes place 
through the primary domain. For additional information, see 
Part Il, “Domains,” on page 109. 


(El Secondary Domain Represents any additional domains, other than the primary, 
created in the GroupWise system. For additional information, 
see Part Il, “Domains,” on page 109. 


KE Current Domain Represents the domain to which ConsoleOne is currently 
connected. For information about changing the current domain, 
see Section 9.1, “Connecting to a Domain,” on page 127. 
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Icon 


GroupWise Object 


Additional Information 


El External Domain Represents a domain from another GroupWise system. 


# 


Non-GroupWise Domain 


Post Office 


External Post Office 


User 


External Entity 


External User 


Resource 


External Resource 


Distribution List 


Group 


Organizational Role 


Library 


Nickname 


Message Transfer Agent 


Represents all or part of a non-GroupWise system. 


Represents a collection of user accounts (mailboxes). For 
additional information, see Part III, “Post Offices,” on page 153. 


Represents a post office in an external GroupWise system or a 


non-GroupWise system. 


Represents an eDirectory user who has been given a 


GroupWise account in a post office. For additional information, 


see Part IV, “Users,” on page 201. 


Represents a user not listed in eDirectory who has been given a 
GroupWise account in a post office. For additional information, 


see Part IV, “Users,” on page 201. 


Represents a user in an external GroupWise system or a non- 


GroupWise system. 


Represents a conference room or some other resource that can 
be scheduled by users. For additional information, see Part V, 


“Resources,” on page 247. 


Represents a resource that belongs to an external GroupWise 


system or a non-GroupWise system. 


Represents a group of users or resources that can all be 
addressed by using the distribution lists name. For additional 
information, see Part VI, “Distribution Lists, Groups, and 


Organizational Roles,” on page 261. 


Represents an eDirectory group. eDirectory groups, like 
distribution lists, can be addressed by using the group’s name. 
Any members of the group who have GroupWise accounts 
receive the message. For additional information, see Part VI, 
“Distribution Lists, Groups, and Organizational Roles,” on 


page 261. 


Represents an eDirectory organizational role. eDirectory 
organizational roles, like distribution lists, can be addressed by 
using the organizational role's name. Any members of the role 
who have GroupWise accounts receive the message. For 
additional information, see Part VI, “Distribution Lists, Groups, 


and Organizational Roles,” on page 261. 


Represents a collection of documents. For additional 


information, see Chapter 21, “Document Management Services 


Overview,” on page 293. 


Represents an additional address associated with a user, 
resource, or distribution list. For additional information, see 


Part IV, “Users,” on page 201, Part V, “Resources,” on 
page 247, or Part VI, “Distribution Lists, Groups, and 
Organizational Roles,” on page 261. 


Represents a Message Transfer Agent (MTA) associated with a 
domain. For additional information, see Part X, “Message 


Transfer Agent,” on page 603. 
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Icon GroupWise Object Additional Information 


e Post Office Agent Represents a Post Office Agent (POA) associated with a post 


office. For additional information, see Part IX, “Post Office 
Agent,” on page 461. 


Hp Gateway Represents a method of linking to another e-mail system or 


transport. For additional information, see the GroupWise 
gateway guides (http://www.novell.com/documentation/ 
gwgateways). 


3.3 Customizing the GroupWise View 


You can change the column display, order, and width to customize the GroupWise View. 


Changes are preserved from one ConsoleOne session to the next. In addition, your last view is 
persistent from session to session. For example, if you last used the Distribution Lists view, the next 
time you start ConsoleOne and open the GroupWise View, the Distribution Lists view is displayed. 
If the last-used view is not applicable (for example, you had the Gateways view open and when the 
new ConsoleOne session starts you select a Post Office object), the GroupWise View defaults to the 
Users view. 


¢ Section 3.3.1, “Changing the Column Display and Order,” on page 46 
¢ Section 3.3.2, “Changing the Column Widths,” on page 47 


3.3.1 Changing the Column Display and Order 


For each view (Users, Distribution Lists, Gateways, Post Offices, and so forth), you can determine 
which columns are displayed and the order in which they are displayed. 


1 Select GroupWise System in the left (tree) pane, then select the view (for example, Users). 
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2 Ifyou are changing the Users view, use the drop-down list to select how you want to sort users 
(ID Sort, User Name Sort, First Name Sort, or Last Name Sort). 
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The Users view allows you to sort by ID, user name, first name, or last name. Each of these is 
treated as a separate Users view for which you can determine the column display and order. 
The views for different objects offer different sort options. 


3 Click View > Edit Columns to display the Select GroupWise View Columns dialog box. 


KS select GroupWise View Columns 


Selected Columns Available Fields 
Obj Account ID 
Domain Name Admin Defined 1 
Post Office Name Admin Defined 10 
Last Name Admin Defined 11 
Given Name Admin Defined 12 
Admin Defined 13 
Admin Defined 14 
Admin Defined 15 
Admin Defined 16 
Admin Defined 17 
Admin Defined 18 
Admin Defined 19 
Admin Defined 2 
Admin Defined 20 
Admin Detined 3 
Admin Defined 4 
Admin Defined 5 











4 To add a column, select the column in the Available Fields list, then click the left-arrow to add 
it to the Selected Columns list. 


5 To determine the display order, select a column in the Selected Columns list, then click the up- 
arrow and down-arrow to move it to the desired position. 


6 To remove a column, select the column in the Selected Columns list, then click the right-arrow 
to add it to the Available Fields list. 


7 When you are finished, click OK to save your changes. 


3.3.2 Changing the Column Widths 
You can change column widths in a view by dragging the right or left edge of the column label. 
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3.4 Searching in the GroupWise View 


You can search for a specific entry in a view. The search is performed on the first column. For 
example, if the Resources view is displayed, you can search for a specific resource based on its 
object ID. If the Users view (with Last Name Sort selected) is displayed, you can search for a 
specific user based on the user’s last name. 


With the Users view, if you have First Name Sort or Last Name Sort selected, you can search for a 
complete user name (both first and last name) by using a comma as a delimiter between the names. 
A space after the comma is optional. 


For example, if the Users view displays first names in the first column and last names in the second 
column, you can type John,Smith to go directly to that user name. If the columns were reversed, you 
could use Smith,John. 


To perform a search: 


1 Change to the view you want to search. 
2 Select the first entry in the view. 
3 Type the text to search for. 
As you type text, a text box appears in the lower right corner of the GroupWise View. 
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3.5 Performing Administrative Tasks from the 
GroupWise View 


You can perform many Group Wise administrative tasks from the GroupWise View as well as from 
the eDirectory View. For example, you can: 


+ Create new objects. 
+ Modify the properties of an object. 


+ Move, rename, or delete an object from the GroupWise system. 


+ 


Use the Group Wise utilities, system operations, and diagnostic options on the Tools menu. 


In addition, external objects must be created and managed in the Group Wise View because they are, 
by definition, external to eDirectory and have no eDirectory context. For example, if you install the 
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Group Wise Internet Agent and want to simplify addressing for your users by adding the Internet as a 
non-Group Wise domain, you must perform the task in the GroupWise View. 
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GroupWise System Operations 


The GroupWise® system operations in ConsoleOne® allow you to perform various tasks to maintain 
and optimize your Group Wise system. The following sections provide information about the system 
operations included on the Tools menu (Tools > GroupWise System Operations): 

+ Section 4.1, “Select Domain,” on page 51 

¢ Section 4.2, “System Preferences,” on page 53 

+ Section 4.3, “eDirectory User Synchronization,” on page 59 

+ Section 4.4, “Admin-Defined Fields,” on page 60 

¢ Section 4.5, “Pending Operations,” on page 60 

+ Section 4.6, “Addressing Rules,” on page 61 

+ Section 4.7, “Time Zones,” on page 61 

+ Section 4.8, “External System Synchronization,” on page 64 

+ Section 4.9, “Software Directory Management,” on page 64 

+ Section 4.10, “Restore Area Management,” on page 69 

+ Section 4.11, “Internet Addressing,” on page 69 

+ Section 4.12, “Trusted Applications,” on page 69 

+ Section 4.13, “LDAP Servers,” on page 71 

+ Section 4.14, “Global Signatures,” on page 71 





NOTE: If the majority of the items on the GroupWise System Operations menu are dimmed, you are 
connected to a secondary domain in a GroupWise system where Restrict System Operations to 
Primary Domain has been selected under System Preferences. For more information, see 

Section 4.2, “System Preferences,” on page 53. 


4.1 Select Domain 


By default, ConsoleOne must be connected to a GroupWise domain in order for you to administer 
your Group Wise system. Being connected to a GroupWise domain ensures that information is 
replicated not only in Novell® eDirectory™ but also in the GroupWise domain and post office 
databases. 


You can be connected to any domain in the GroupWise system. As shown in the following example, 
the domain to which you are connected is indicated by a plug on the domain’s icon. In addition, the 
connected domain is listed at the bottom of the ConsoleOne window. 
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Figure 4-1 ConsoleOne Window Showing the Domain You Are Connected To 
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Some administrative tasks require you to be connected to a specific domain but others do not. In 
general, operations that create new GroupWise container objects or delete GroupWise container 
objects require you to be connected to the domain where the object resides. Operations that add or 
delete leaf object or modify the properties of an existing object do not require you to be connected to 
the object’s domain. 


To change the domain to which you are connected: 
1 In ConsoleOne, click Tools > GroupWise System Operations > Select Domain. 
GroupWise Administrator 


Domain Path: 


WBDISYSigwsystem\provot js | 


Enter a valid path to a domain database and click OK, or click 
Cancel to continue. 


Cancel 





2 Browse to and select the domain directory, then click OK to connect to the domain. 





NOTE: You can also connect to a domain by right-clicking the domain in the Group Wise View and 
clicking Connect. 





Being connected to a domain means that ConsoleOne has write access to the domain database 
(wedomain. db). How the write access is achieved depends on the platform where you are running 
ConsoleOne and the platform where the domain is located. 
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Table 4-1 Domain Connection Options 


ConsoleOne 


Domain Platform 


Connection Options 


Platform 
Windows NetWare server Mapped drive 
ConsoleOne 
Linux server Samba mount where the path to the domain on the Linux server is 
prefixed by the Linux server hostname from the point of view of 
ConsoleOne 
Windows server Local drive 
Mapped drive 
Linux NetWare server File system mount where the mount point directory matches the 
ConsoleOne NetWare server hostname and volume name 


Linux server 


Windows server 


Local directory 


Mounted file system where the mount point directory matches the 
domain directory on the mounted file system 


Mounted file system where the mount point directory matches the 
Windows server hostname and share 


The database location is stored internally in UNC path format 
(\\server\volume\ directory) but is displayed on the Domain object Identification page in 
ConsoleOne based on the platform of ConsoleOne and the database location. 


Table 4-2 Database Locations 


ConsoleOne 


Domain Platform 


Database Location 


Platform 
Windows NetWare server \\NetWare_server\volume\domain directory 
ConsoleOne . 

Linux server \\Linux server\domain directory 

Windows server \\Windows server\share\domain directory 
Linux NetWare server /mnt/NetWare server/volume/domain directory 
ConsoleOne 


Linux server 


Windows server 


/domain directory 


/mnt/Windows server/share/domain directory 


When you click Connect, ConsoleOne uses the domain’s UNC path to automatically connect you to 
the correct domain if possible; otherwise, you must manually browse to and select the domain 
database in order to connect to the domain. 


4.2 System Preferences 


You can use the GroupWise system preferences to configure the defaults for various Group Wise 


system settings. 


To change the system preferences: 


GroupWise System Operations 


1 In ConsoleOne, click Tools > GroupWise System Operations > System Preferences. 


GroupWise System Preferences 


Defaut Password | Admin Lockout Settings 
i Routing Options | External Access Rights 
Set access rights automatically: 

|” When creating a GroupWise user 


When creating or modifying objects, for network ID use: 
© Full Distinguished Name 
© Common Name 


| Display Identity Manager (DirXML) warnings 


| Cancel | Help | 








The GroupWise System Preferences dialog box contains the following tabs: 


+ Admin Preferences: Controls how rights are assigned and what network ID format is used 
when creating new GroupWise users. By default, rights are assigned automatically and the 
fully distinguished name format is used. 


+ Routing Options: Controls default message routing for your GroupWise system. By 
default, no routing domain is assigned. 


+ External Access Rights: Controls the access that users on external GroupWise systems 
have to your Group Wise users’ information. By default, Busy Search and status tracking 
information is not returned to users on external GroupWise systems. 


+ Nickname Settings: Controls what happens when you move a user from one post office to 
another. By default, nicknames representing old addresses are not automatically created 
when users are moved. 


+ Default Password: Assigns a default password for new GroupWise user accounts. By 
default, you must manually assign a password for each GroupWise account you create. 


+ Admin Lockout Settings: Controls access to the GroupWise administration functions in 
ConsoleOne. By default, there are no restrictions. 


+ Linux Settings (Linux ConsoleOne Only): Establishes the mount directory where 
ConsoleOne can find mounted file systems where domains and post offices are located. 


2 Change the system preferences as needed. 
3 Click OK to save the changes. 


4.2.1 Admin Preferences 
1 Click the Admin Preferences tab to modify any of the following options: 


GroupWise System Preferences 
Default Password | Admin Lockout Settings 
Routing Options External Access Rights 
Set access rights automatically: 
D When creating a GroupWise user 
When creating or modifying objects, for network ID use: 
(° Full Distinguished Name 
© Common Name 


I” Display Identity Manager (DirXML) warnings 


p ere, 





| Cancel | Help 
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Set Access Rights Automatically: Users require specific eDirectory and file system rights in 
order to use GroupWise (see Chapter 77, “GroupWise User Rights,” on page 1153). Select this 
option to automatically grant these rights when creating a GroupWise account for users. 


Appropriate eDirectory object rights enable the Group Wise client to log in to the user’s post 
office without prompting the user for the post office location (IP address, UNC path, or mapped 
drive.) 


Appropriate file system rights enable the GroupWise client to directly access the post office 
directory rather than use client/server access. 


When Creating or Modifying Objects, For Network ID Use: Select Full Distinguished 
Name (for example, paul.engineering.ny) when users’ mailboxes reside on a NetWare® 4.1x or 
later server and users have an eDirectory connection to the server where the post office resides. 


Select Common Name (for example, paul) under the following circumstances: 
+ The users’ mailboxes reside on a NetWare 3.1 server. 


+ The users’ mailboxes reside on a NetWare 4.1x server but users have a bindery emulation 
connection to the server where the post office resides. 


¢ Users’ GroupWise IDs are different from their NetWare IDs. 


Display Identity Manager (DirXML) Warnings: The Identity Manager Driver for 

Group Wise provides data integration between GroupWise users and groups in eDirectory. For 
example, you can have an e-mail account automatically created as soon as an employee is 
hired. The same driver can also disable an e-mail account when a user is no longer active. 


If you are using the Identity Manager Driver for GroupWise, some GroupWise operations that 
you perform in ConsoleOne require you to take preliminary actions with the driver. For 
example, if you recover a deleted account, you need to stop the driver before recovering the 
account and restart it after the operation is complete. 


This option enables you to receive a warning message whenever you perform a GroupWise 
operation in ConsoleOne that is affected by the Identity Manager driver. The warning message 
includes instructions about the actions you need to take with the driver before continuing with 
the GroupWise operation. If you are using the Identity Manager Driver for Group Wise, we 
strongly recommend that you enable this option. If you are not using the driver, you can disable 
the option to avoid receiving unnecessary messages. 


For more information, see “GroupWise DirXML Driver for Novell Identity Manager” in the 
GroupWise 7 Interoperability Guide. 


2 Click OK to save the changes. 


4.2.2 Routing Options 


1 Click the Routing Options tab to modify any of the following options: 


GroupWise System Operations 


GroupWise System Preferences 


Nickname Settings | = Admin Lockout Settings 
Admin Preferences External Access Rights 


Default Routing Domain: 


| @| Clear 








[7 MTAs send directly to other GroupWise systems 








| Cancel | Help 








Default Routing Domain: If a domain’s MTA cannot resolve a message’s address, the 
message is routed to this default domain’s MTA. The default domain’s MTA can then be 
configured to handle the undeliverable messages. This might involve routing the message to 
another GroupWise domain or to an Internet address (by performing a DNS lookup). Browse to 
and select the GroupWise domain you want to use as the default routing domain. 


Force All Messages to this Domain: This option applies only if you select a default routing 
domain. Select this option to force all messages to be routed through the default routing domain 
regardless of the links you have configured for your GroupWise system’s domains. 


MTAs Send Directly to Other GroupWise Systems: Select this option if you want all MTAs 
in your GroupWise system to perform DNS lookups and route messages out across the Internet. 
If you deselect this option, you can designate individual MTAs to perform DNS lookups and 
route messages to the Internet. For more information, see “Using Dynamic Internet Links” in 
“Connecting to GroupWise 5.x, 6.x, and 7.x Systems” in the GroupWise 7 Multi-System 
Administration Guide. 


2 Click OK to save the changes. 


4.2.3 External Access Rights 
1 Click the External Access Rights tab to modify any of the following options: 


GroupWise System Preferences 


Nickname Settings | Default Password l 
Admin Preferences | Routing Options i 


| Allow external busy search 


| Allow external status tracking 











| Cancel | Help 





Allow External Busy Search: Select this option to enable users in other Group Wise systems 
to perform Busy Searches on your Group Wise users’ Calendars. 


Allow External Status Tracking: Select this option to enable users in other Group Wise 
systems to receive message status information (such as whether a message has been delivered, 
opened, and so on) when messages arrive in your Group Wise system. 


2 Click OK to save the changes. 
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4.2.4 Nickname Settings 
1 Click the Nickname Settings tab to modify 


GroupWise System Preferences 
- | Routing Options | External Access Rights 
i Default Password | Admin Lockout Settings 
Auto-create on User Move 
© Never 
C Always 


C Prompt 


any of the following options: 





Cancel | Help 








Auto-Create on User Move: A nickname 





is an alternative address that can be associated with 


a user. Whenever you move a user, GroupWise can automatically create a nickname with the 
user’s old name and old post office. This enables messages sent to the old name to be 
automatically forwarded to the user’s new address. Select whether or not you want Group Wise 
to never create nicknames, always create nicknames, or prompt you during the move process.: 


Expire After: This option applies only if you selected Always or Prompt. If you want the 
nickname to be automatically removed after a period of time, specify the time period (in days). 
Valid values range from 1 to 365 days. A setting of 0 indicates that the nickname will not be 
automatically removed after the specified time period. 


2 Click OK to save the changes. 


4.2.5 Default Password 


1 Click the Default Password tab to modify any of the following options: 


GroupWise System Preferences 


Admin Preferences | Rautinn Ortinns | External Access Rights 
Nickname Settings Default Password | Admin Lockout Settings 





Default password for new users: | 





Cancel | Help 











Default Password for New Users: Specify the default password you want assigned to new 


GroupWise user accounts. 
2 Click OK to save the changes. 


4.2.6 Admin Lockout Settings 


1 Click the Admin Lockout Settings tab to modify any of the following options: 
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GroupWise System Preferences 


Admin Preferences | Routing Options | 
Nickname Settings | Default Password 

| Restrict System Operations to Primary Domain 

F Lock Out Older GroupWise Administration Snapins 


Minimum Snapin Release Version (x.x.x): 





Minimum Snapin Release Date: 








BR 








| Cancel | Help 








Restrict System Operations to Primary Domain: Enable this option to allow an 
administrator to perform system operations (Tools > GroupWise System Operations) only when 
he or she is connected to the primary domain. All operations except Select Domain, Pending 
Operations, and Restore Area Management are unavailable when connected to a secondary 
domain. 


Lock Out Older GroupWise Administration Snap-Ins: Enable this option to prevent 
administrators from using older GroupWise ConsoleOne snap-ins for accessing Group Wise 
objects in eDirectory. You can override these system lockout settings for individual domains 
(Domain object > GroupWise > Admin Lockout Settings). 


There are four GroupWise snap-ins to ConsoleOne, one for general administration, one for 
Internet Agent administration, and two for WebAccess administration. The ability to lock out 
older GroupWise snap-ins starts with GroupWise 6.5. 


In the Minimum Snap-In Release Version (x.x.x) field, specify the version number of the oldest 
GroupWise snap-ins that can be used to administer your GroupWise system. 


In the Minimum Snap-in Release Date field, select the date of the oldest GroupWise snap-ins 
that can be used to administer your GroupWise system. 


You can specify the minimum version, the minimum date, or both. If you specify both 
minimums, any administrator using snap-ins that are older than both minimums cannot use the 
Group Wise snap-ins. However, such an administrator can still run ConsoleOne for other 
purposes but must update the GroupWise snap-ins before GroupWise administration features 
are available again. 





NOTE: Default admin lockout settings can be overridden on individual domains as needed. 





2 Click OK to save the changes. 


4.2.7 Linux Settings (Linux ConsoleOne Only) 


1 On Linux, click the Linux Settings tab to specify the mount directory. 
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GroupWise System Preferences oS 








Admin Lockout Settings | Linux Settings 
Nickname Settings Default Password | 
Admin Preferences f Routing Options [ External Access Rights | 

















Linux Mount Directory: 
[imn (= 








Enter a valid path to the mount directory and click OK, or click 
Cancel to continue. 

















Mount Directory: Specify the mount directory where ConsoleOne can find mounted file 
systems where domains and post offices are located. 


Group Wise databases can be located on Linux servers, NetWare servers, or Windows servers. 
In the Linux mount directory, you create directories that have the same names as the servers 
that are mounted to those mount points. You do this for each server where a domain or post 
office is located that you want to access from ConsoleOne. The following table illustrates the 
correspondence between UNC paths and mount point directories for GroupWise database 
locations on Linux, NetWare, and Windows, assuming the typical mount point directory of / 
mnt: 


Corresponding Linux 


Platform GroupWise Domain UNC Path Mount Point 


Linux \\Linux server\GW partition\domain directory /mnt/Linux server/ 
GW partition 


NetWare \\NetWare_server\GW volume\domain directory /mnt/ 
NetWare server/ 
GW_volume 


Windows \\windows server\GW share\domain directory /mnt/ 
Windows server/ 
GW share 


Group Wise administrators can have different mount points depending on the workstation or 
server where they are running ConsoleOne. The mount directory information is stored in a 
user-specific preferences file (. consoleone/SnapinPrefs. ser in each GroupWise 
administrator’s home directory). 


2 Click OK to save the changes. 


4.3 eDirectory User Synchronization 


For user information to be displayed in the GroupWise Address Book, it must be stored not only in 
eDirectory but also in the GroupWise domain and post office databases. If you add or modify user 
information using an installation of ConsoleOne with the GroupWise Administrator snap-in, the 
GroupWise Administrator snap-in adds the user information to the GroupWise databases. However, 
if you add or modify user information using a ConsoleOne installation that is not running the 
Group Wise Administrator snap-in, the user information is not changed in the GroupWise databases. 
This is also true if you add or modify user information using Novell iManager or older 
administration tools such as NetWare Administrator. 


GroupWise System Operations 


To ensure that the user information stored in the GroupWise databases is always synchronized with 
the user information in eDirectory, you can set up eDirectory user synchronization. For detailed 
information see Section 41.4.1, “Using eDirectory User Synchronization,” on page 638. 


4.4 Admin-Defined Fields 


eDirectory includes user information that is not associated to GroupWise user fields. For example, a 
User object includes Postal Address fields named City, State, and Zip Code. By default, these fields 
are not displayed in the GroupWise Address Book. However, you can use the Admin-Defined Fields 
feature to map eDirectory user fields to Group Wise fields so that they can be displayed in the 
GroupWise Address Book. For instructions, see Section 6.1.1, “Adding eDirectory Fields to the 
Address Book,” on page 86. 


4.5 Pending Operations 


Pending operations are the results of administrative operations, such as adding Group Wise objects 
and modifying Group Wise object properties, that have not yet been permanently written to the 
appropriate GroupWise databases. While operations are pending, GroupWise data is not in a 
consistent state. 


For example, you can maintain any domain’s objects you have administrative rights over. However, 
because a secondary domain owns its own objects, any operation you perform from the primary 
domain on a secondary domain’s objects must be validated by the secondary domain. While the 
operation is being validated, the Pending Operations dialog box displays object details and the 
pending operation. 


While the operation is pending, the object is marked Unsafe in the primary domain database. The 

Operation field in the dialog box displays the pending operation. An unsafe object can have other 

operations performed on it, such as being added to a distribution list; however, the object record is 
not distributed to other domains and post offices in the system until it is marked Safe. 


All pending operations require confirmation that the operation was either successfully performed or 
could not be performed. If the operation was successful, the pending operation is removed from the 
list, the record is marked in the database as Safe, and the record is distributed to all other domains 
and post offices in your system. If the operation could not be performed, the pending operation 
remains in the list where you can monitor and manage it. 


1 In ConsoleOne, connect to the domain whose pending operations you want to view, as 
described in Section 4.1, “Select Domain,” on page 51. 


2 Make sure the agents are running for the domain and/or post office where you are checking for 
pending operations 


3 Click Tools > GroupWise System Operations > Pending Operations. 


While an operation is being validated, the Pending Operations dialog box displays the object 
and the operation waiting completion and confirmation. 


4 For more detailed information, select the pending operation, then click View. 


5 If conditions on the network have changed so that a pending operation might now succeed, 
select the pending operation, then click Retry. 


6 Ifyou want to cancel a pending operating that has not yet taken place, select the pending 
operation, then click Undo. 
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4.6 Addressing Rules 


You can use the Addressing Rules feature to configure GroupWise so that users can enter shortened 
forms of e-mail addresses. For more information, see Section 6.8, “Facilitating Addressing through 
GroupWise Gateways,” on page 100. 


4.7 Time Zones 


When you create a domain or post office, you select the time zone in which it is located. This 
ensures that Group Wise users in other time zones receive Calendar events and tracking information 
adjusted for local time. 


The time zone list includes predefined definitions for each time zone. Most time zones include 
multiple definitions to account for different locations within the time zone. Each time zone 
definition allows you to specify the Daylight Saving Time dates and bias (1 hour, 30 minutes, etc.). 


You can modify existing time zone definitions, add new definitions, or delete definitions. 


+ Section 4.7.1, “Modifying a Time Zone Definition,” on page 61 
+ Section 4.7.2, “Adding a Time Zone Definition,” on page 62 


+ Section 4.7.3, “Deleting a Time Zone Definition,” on page 63 


4.7.1 Modifying a Time Zone Definition 


1 In ConsoleOne, click Tools > GroupWise System Operations > Time Zones. 


Configure Time Zones 


Time Zones: 

(GMT) Casablanca, Monrovia 

(GMT) Greenwich Mean Time; Dublin, Edinburgh, Lisbon, London 
(GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 
(GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague 
(GMT+01:00) Brussels, Copenhagen, Madrid, Paris, Vilnius 
(GMT+01:00) Sarajevo, Skopje, Sofija, Warsaw, Zagreb 
(GMT+02:00) Athens, Istanbul, Minsk 

(GMT+02:00) Bucharest 

(GMT+02:00) Cairo 

(GMT+02:00) Harare, Pretoria 

(GMT+02:00) Helsinki, Riga, Tallinn 

(GMT+02:00) Israel 











Daylight Saving Time 


Start Date/Time: Last Sunday of March at 2:00 AM 
End Date/Time: Last Sunday of October at 3:00 AM 





2 Select the time zone to modify, then click Edit to display the Edit Time Zone dialog box. 


Edit Time Zone 





Time Zone Name: (GMT+02:00) [athens, Istanbul, Minsk 


Offset from GMT: [ 2 {hours [ 0 +] minutes 
Abbreviation: (GTB 


IV Observe Daylight Savings Time 








Start Day: Sunday x] of [March x] at [2:004M 

















Last Day: Sunday x] of [October x] at [3:00am 


Bias: 1 + hours 0 4 minutes: 
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3 Modify any of the following fields: 


Time Zone Name: Provide a name for the time zone definition (for example, some of the 
major cities in the time zone). We suggest you include a reference (+ or -) to GMT, for example 
(GMT-07:00). The time zone list is sorted by the GMT offset. 


Offset from GMT: Specify the hours and minutes that the time zone is offset from Greenwich 
Mean Time. The offset from GMT keeps your different locations synchronized. For example, if 
a conference call is scheduled for 4:00 p.m. June 1 in Salt Lake City, the call would appear on a 
schedule in Adelaide at 8:30 a.m. June 2. If you are in the western hemisphere (west of the 
Greenwich Meridian and east of the International Date Line) be sure the hour offset is negative 
(-). If you are in the eastern hemisphere (east of the Greenwich meridian and west of the 
International Date Line) be sure the hour offset is positive. 


Abbreviation: Specify an abbreviation for the time zone. For example, the abbreviation for 
Atlantic Standard Time could be AST; the abbreviation for Atlantic Daylight Time could be 
ADT. 


Observe Daylight Saving Time: If the time zone observes daylight saving time, click the 
Observe Daylight Saving Time box, then fill out the remaining fields: 


+ Start Day: Select the day and time that daylight saving time starts. 
+ Last Day: Select the day and time that daylight saving time ends. 


¢ Bias: Select the number of hours and minutes that the clock changes at the daylight saving 
time start day, such as] hour or 1 hour 30 minutes. 


4 Click OK to save the changes. 


4.7.2 Adding a Time Zone Definition 


1 In ConsoleOne, click Tools > GroupWise System Operations > Time Zones. 


Configure Time Zones 


Time Zones: 

(GMT) Casablanca, Monrovia 

(GMT) Greenwich Mean Time; Dublin, Edinburgh, Lisbon, London 
(GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 
(GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague 
(GMT+01:00) Brussels, Copenhagen, Madrid, Paris, Vilnius 
(GMT+01:00) Sarajevo, Skopje, Sofija, Warsaw, Zagreb 
(GMT+02:00) Athens, Istanbul, Minsk 

(GMT+02:00) Bucharest 

(GMT+02:00) Cairo 

(GMT+02:00) Harare, Pretoria 

(GMT+02:00) Helsinki, Riga, Tallinn 

(GMT+02:00) Israel 











Daylight Saving Time 


Start Date/Time: Last Sunday of March at 2:00 AM 
End Date/Time: Last Sunday of October at 3:00 AM 





2 Click Add to display the Add Time Zone dialog box. 
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Add Time Zone 





Time Zone Name: (GMT) | 


Offset from GMT: 0 < hours 0 4 minutes 
Abbreviation: 


|” Observe Daylight Savings Time 





Start Day: First ‘Sunday April 


























October 2 | 


Last Day: |Last Sunday 


Bias: 1 4 hours 0 + minutes 





3 Fillinthe following fields: 


Time Zone Name: Provide a name for the time zone definition (for example, some of'the 
major cities in the time zone). We suggest you include a reference (+ or -) to GMT, for example 
(GMT-07:00). The time zone list is sorted by the GMT offset. 


Offset from GMT: Specify the hours and minutes that the time zone is offset from Greenwich 
Mean Time. The offset from GMT keeps your different locations synchronized. For example, if 
a conference call is scheduled for 4:00 p.m. June 1 in Salt Lake City, the call would appear on a 
schedule in Adelaide at 8:30 a.m. June 2. If you are in the western hemisphere (west of the 
Greenwich Meridian and east of the International Date Line) be sure the hour offset is negative 
(-). If you are in the eastern hemisphere (east of the Greenwich meridian and west of the 
International Date Line) be sure the hour offset is positive. 


Abbreviation: Specify an abbreviation for the time zone. For example, the abbreviation for 
Atlantic Standard Time could be AST; the abbreviation for Atlantic Daylight Time could be 
ADT. 


Observe Daylight Saving Time: If the time zone observes daylight saving time, click the 
Observe Daylight Saving Time box, then fill out the remaining fields: 


+ Start Day: Select the day and time that daylight saving time starts. 
+ Last Day: Select the day and time that daylight saving time ends. 


¢ Bias: Select the number of hours and minutes that the clock changes at the daylight saving 
time start day, such as] hour or 1 hour 30 minutes. 


4 Click OK to add the definition to the time zone list. 


4.7.3 Deleting a Time Zone Definition 


When you delete a time zone from the list, you can no longer select it for a domain or post office. 


1 In ConsoleOne, click Tools > GroupWise System Operations > Time Zones. 
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Configure Time Zones 


Time Zones: 

(GMT) Casablanca, Monrovia 

(GMT) Greenwich Mean Time; Dublin, Edinburgh, Lisbon, London 
(GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 
(GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague 
(GMT+01:00) Brussels, Copenhagen, Madrid, Paris, Vilnius 
(GMT+01:00) Sarajevo, Skopje, Sofija, Warsaw, Zagreb 
(GMT+02:00) Athens, Istanbul, Minsk 

I(GMT+02:00) Bucharest 

(GMT+02:00) Cairo 

(GMT+02:00) Harare, Pretoria 

(GMT+02:00) Helsinki, Riga, Tallinn 

(GMT+02:00) Israel 














Daylight Saving Time 


Start Date/Time: Last Sunday of March at 2:00 4M 
End Date/Time: Last Sunday of October at 3:00 AM 





2 Select the time zone to remove from the list, click Delete, then click Yes to confirm the deletion. 


4.8 External System Synchronization 


The External System Synchronization feature lets you automatically synchronize information 
between your system and an external GroupWise system connected to your system. For information 
about connecting GroupWise systems and keeping information synchronized between them, see 
“Connecting to GroupWise 5.x, 6.x, and 7.x Systems” in the GroupWise 7 Multi-System 
Administration Guide. 


4.9 Software Directory Management 


The Software Directory Management feature lets you manage GroupWise software distribution 
directories. A software distribution directory is simply an image of the GroupWise CDs located on a 
network server. Diagrams of the contents of software distribution directories are provided in 
“Directory Structure Diagrams” in GroupWise 7 Troubleshooting 3: Message Flow and Directory 
Structure: 


+ “NetWare/Windows Software Distribution Directory” 


+ “Linux Software Distribution Directory” 


From this network location, you can distribute the Group Wise client software to users or install 
additional GroupWise software such as the Message Transfer Agent, Post Office Agent, Internet 
Agent, WebAccess, and Monitor. 


When you install GroupWise, one software distribution directory is created automatically. Using 
Software Directory Management, you can create additional software distribution directories, update 
existing software distribution directories, or delete existing software distribution directories. A 
single software distribution directory can service multiple post offices and can contain software for 
multiple platforms. 


The preferred configuration is to create a software distribution directory on each server where one or 
more post offices are located. When you use this configuration, the POA for a post office does not 
need to access a remote server when performing Windows client software updates, as described in 
Section 66.1, “Using GroupWise AutoUpdate and SetupIP to Distribute the GroupWise Windows 
Client,” on page 1081. 


+ Section 4.9.1, “Creating a Software Distribution Directory,” on page 65 
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+ Section 4.9.2, “Updating a Software Distribution Directory,” on page 67 
+ Section 4.9.3, “Deleting a Software Distribution Directory,” on page 68 


4.9.1 Creating a Software Distribution Directory 


1 Make sure the directory you want to use as the software distribution directory exists. 


All distribution subdirectories (admin, agents, client, and so forth) will be created under this 
directory. 


2 Click Tools > GroupWise System Operations > Software Directory Management to display the 
Software Distribution Directory Management dialog box. 


Software Distribution Directory Management 


Software Distribution Directories: 





Name UNC Path 
GroupWise 7 Software WBD-NVVisysigrpwiselsoftware Create 





=æ] 

[2 1 

EN 
Help 








The Software Distribution Directories list includes all software distribution directories defined 
in your GroupWise system. 


3 Click Create to display the Create Software Distribution Directory dialog box. 


Create Software Distribution Directory 


i [e 
Description: Cancel 
Help 








Location 
UNC Path: 





AppleTalk Path (optional): 





Linux Path (optional): 








I Copy software from: 











4 Fill in the following fields: 


Name: Specify a name to identify the software distribution directory within your GroupWise 
system. For example, whenever you create a post office, you associate it with a software 
distribution directory. The software distribution directory’s name, not its location, appears in 
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the list of directories from which you can select. The name can include any characters; there are 
no restrictions. 


Description: Specify an optional description for the software distribution directory. You might 
want to use this description to indicate the software version or to give other pertinent 
information. 


Location: Specify the location where you want to create the software distribution directory. If 
you specify a path to a directory that does not exist, ConsoleOne creates the directory for you. 


NetWare In the UNC Path field, specify the location where you want to create a software 

and distribution directory based on the GroupWise 7 Administrator and Client (NetWare/ 
Windows: Windows) CDs. The Windows client checks this location for software updates. 
Linux: In the Linux Path field, specify the location where you want to create a software 


distribution directory based on the GroupWise 7 Administrator and Client (Linux) 
CDs. The Cross-Platform client checks this location for software updates for both the 
Linux and Macintosh versions of the Cross-Platform client. 


Macintosh: The AppleTalk Path field is used only if you are still running the GroupWise 5.2 
Macintosh client. 


You can fill in more than one field in order to distribute software for multiple platforms from a 
single software distribution directory. 


Copy Software From: Select this option to copy GroupWise software to the new directory, 
then choose from the following source locations: 


¢ Software Distribution Directory: If you want to copy software from an existing 
software distribution directory, select this option, then select the software distribution 
directory. All directories are copied. 


¢ Path: If you want to copy software from a location that is not defined as a software 
distribution directory in your GroupWise system (such as the GroupWise CDs), select this 
option, then browse for and select the correct path. 


5 Click OK to create the software distribution directory and add it to the list. 


Software Distribution Directory Management 


Software Distribution Directories: 

Name UNC Path 
GroupWise 7 Software WBD-NVVisysigrpwiselsoftware 
GroupWise 7 Support Pack \Whd-wintcSigrpwiselsoftware 























6 Click Close to exit the dialog box. 


Each time it starts, the POA checks to make sure it can access all of the software distribution 
directories in the list. If it encounters a problem accessing any software distribution directory, the 
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POA notifies you of the problem through the POA agent console and the POA log file. This helps 
ensure that each software distribution directory is always available. 


4.9.2 Updating a Software Distribution Directory 


1 Click Tools > GroupWise System Operations > Software Directory Management to display the 
Software Distribution Directory Management dialog box. 


KS Software Distribution Directory Management 


Software Distribution Directories: 
Name UNC Path 
GroupWise 7 Software WBD-NAsys'igrpwiseisoftware 




















The Software Distribution Directories list includes all software distribution directories defined 
in your GroupWise system. 


2 Select the software distribution directory to update, then click Update to display the Update 
Software Distribution Directory dialog box. 


Update Software Distribution Directory 


I” Update by copying from: 





[os Cancel 








e 








| Force auto-update check by GroupWise components 





3 Fill in the following fields: 


Update by Copying From: Select this option, then choose from the following source 
locations: 


+ Software Distribution Directory: If you want to copy software from an existing software 
distribution directory, select this option, then select the software distribution directory. All 
files and subdirectories are copied. 


+ Path: If you want to copy software from a location, that is not defined as a software 
distribution directory in your GroupWise system (such as the GroupWise CDs), select this 
option, then browse for and select the correct path. 


Force Auto-Update Check by GroupWise Components: This option causes the Group Wise 
Post Office Agent (in client/server access mode) or the GroupWise client (in direct access 
mode) to check the software distribution directory for a new version of the Group Wise client; if 
a new version is found, the next time a user starts the GroupWise client, he or she is prompted 
to update the client software. 
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The Force Auto-Update Check by GroupWise Components option is automatically selected 
when you select the Update by Copying From option. If you don’t select the Update by 
Copying From option, you can still select this option and then click OK. This forces an auto- 
update check of the client software version, but the software distribution directory’s files are 
not updated. 


To determine the current client software version in ConsoleOne, click Tools > GroupWise 
Diagnostics > Record Enumerations to display a list of record types in the domain database. 
From the drop-down list, select Areas by ID, select a software distribution directory, then click 
Info to list detailed information about the software distribution directory. Check the Software 
Version field to determine the GroupWise client software version. 


4 Click OK to update the directory’s software. 


4.9.3 Deleting a Software Distribution Directory 


When you delete a software distribution directory, the directory is removed from the file system and 
no longer appears in the list of software distribution directories. 


To delete a software distribution directory: 
1 Make sure that no post offices still have the software distribution directory assigned to them. 


If you try to delete a software distribution directory that is still in use, an error notifies you. The 
software distribution directory is assigned on the Post Office Settings property page of each 
Post Office object. 


2 Click Tools > GroupWise System Operations > Software Directory Management to display the 
Software Distribution Directory Management dialog box. 


Software Distribution Directory Management 


Software Distribution Directories: 
Name UNC Path 
GroupWise 7 Software WBD-NVisysigrpwiseisoftware 























The Software Distribution Directories list includes all software distribution directories defined 
in your GroupWise system. 


3 Select the directory to delete, click Delete, then click Yes to confirm the deletion. 


4.10 Restore Area Management 


A restore area is a location you designate to hold a backup copy of a post office so that you or 
Group Wise users can access it to retrieve mailbox items that are unavailable in your live GroupWise 
system. The Restore Area Management feature lets you manage your GroupWise system’s restore 
areas. 
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Detailed information for using restore areas is provided in Section 32.5, “Restoring Deleted Mailbox 
Items,” on page 413. Information about backing up post offices is provided in Section 31.2, 
“Backing Up a Post Office,” on page 407. 


4.11 Internet Addressing 


By default, GroupWise uses a proprietary address format consisting of a user’s ID, post office, and 
domain (userID.post_office.domain). After you install the GroupWise Internet Agent, you can 
configure your GroupWise system to handle one or more formats of Internet e-mail addresses. For 
setup instructions, see Chapter 45, “Configuring Internet Addressing,” on page 703 


4.12 Trusted Applications 


Trusted applications are third-party programs that can authenticate to Post Office Agents (POAs) 
and Internet Agents in order to access GroupWise mailboxes without needing personal user 
passwords. Trusted applications might perform such services as message retention or 
synchronization with mobile devices. The Trusted Application feature in ConsoleOne allows you to 
configure and delete trusted applications that are in use in your GroupWise system. 


+ Section 4.12.1, “Creating a Key for a Trusted Application,” on page 69 
+ Section 4.12.2, “Configuring a Trusted Application,” on page 69 
+ Section 4.12.3, “Deleting a Trusted Application,” on page 71 


For security guidelines for managing trusted applications, see Section 81.6, “Protecting Trusted 
Applications,” on page 1169. 


4.12.1 Creating a Key for a Trusted Application 


For information about creating and installing trusted applications, see GroupWise Trusted 
Application API (http://developer.novell.com/wiki/index.php/ 

Group Wise Trusted Application APT) at the Novell Developer Kit Web site (http:// 
developer.novell.com/wiki/index.php/Category:Novell_Developer_Kit). 


When a trusted application is created by a third party, the application must create a key that the 
application uses to authenticate to the GroupWise system. Although the trusted application itself can 
run on NetWare, Linux, or Windows, creating the trusted application key must currently take place 
on Windows. Creating the key causes the trusted application to be listed in ConsoleOne. 


4.12.2 Configuring a Trusted Application 


By default, a trusted application can authenticate to your GroupWise system from any network 
address. For tighter security, you can specify a particular IP address or DNS hostname from which 
the trusted application is allowed to authenticate. In addition, you can require a secure SSL 
connected, as needed. 


1 Click Tools > GroupWise System Operations > Trusted Applications to display the Configure 
Trusted Applications dialog box. 
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Configure Trusted Applications 


Trusted Applications: 
IntellisyncMobileSuite 








2 Inthe Trusted Applications list, select the application you want to edit, then click Edit. 


Edit Trusted Application 


Name: IntellisyncMobileSuite 





Description: = Mobile Server 


[ Requires SSL 





[ Provides Message Retention Service 





TCPIP Address: | Z| 





Cancel Help 





3 Modify any of the following fields: 


Name: This field displays the trusted application’s name. You cannot change the name. It is 
provided by the third-party program. 


Description: Specify a description for the trusted application. 


Requires SSL: Select this option to require a secure SSL connection between the trusted 
application and POAs and Internet Agents. 


Provides Message Retention Service: Select this option if the purpose of the trusted 
application is to retain GroupWise user messages by copying them from GroupWise mailboxes 
(user databases) into another storage medium. 


Turning on this option only defines the trusted application as a Message Retention Service 
application. In order for GroupWise mailboxes to support message retention, you must turn on 
the Enable Message Retention Service option in the GroupWise Client Options (Tools menu> 
GroupWise Utilities> Client Options > Environment > Retention). You can enable individual 
mailboxes, all mailboxes in a post office, or all mailboxes in a domain by selecting the 
appropriate object (User, Post Office, or Domain) before selecting GroupWise Client Options. 
For more information, see Chapter 65, “Setting Defaults for the Group Wise Client Options,” on 
page 1045. 


For information about the complete process required to use a trusted application for message 


retention, see Chapter 33, “Retaining User Messages,” on page 419. 


TCP/IP Address: If you want to restrict the location from which the trusted application can 
authenticate to your GroupWise system, specify the network address of the server where the 
application runs. In the TCP/IP Address field, click Edit, then specify the IP address or DNS 
hostname of the trusted application’s server. 


If you want to allow the trusted application to authenticate from any server, do not specify an IP 
address or DNS hostname. 


For information about how the POA handles trusted application processing of message files, see 
Section 36.3.6, “Configuring Trusted Application Support,” on page 507. 
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4.12.3 Deleting a Trusted Application 


1 Click Tools > GroupWise System Operations > Trusted Applications to display the Configure 
Trusted Applications dialog box. 


Configure Trusted Applications 


Trusted Applications: 
IntellisyncMobileSuite 








2 Inthe Trusted Applications list, select the application you want to delete, click Delete, then 
click Yes to confirm the deletion. 


4.13 LDAP Servers 


The LDAP Servers feature lets you define the LDAP servers you want to use for LDAP 
authentication to Group Wise mailboxes. 


For information about defining LDAP servers, see “Providing LDAP Server Configuration 
Information” on page 501. 


For information about using LDAP for user authentication to Group Wise mailboxes, see “Providing 
LDAP Authentication for GroupWise Users” on page 501. 


4.14 Global Signatures 


You can build a list of globally available signatures that can be automatically appended to messages 
sent by GroupWise client users. The global signature is appended to messages after any personal 
signatures that users create for themselves. For setup instructions, see Section 14.3, “Adding a 
Global Signature to Users’ Messages,” on page 219. 
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GroupWise Utilities 


The GroupWise® utilities in ConsoleOne® are used to perform various maintenance and 
configuration tasks for your GroupWise system. The following sections provide information about 
the system utilities included on the Tools menu (Tools > GroupWise System Utilities): 


+ 


+ 


+ 


+ 


+ 


+ 


+ 


Section 5.1, “Mailbox/Library Maintenance,” on page 73 
Section 5.2, “System Maintenance,” on page 74 

Section 5.3, “Backup/Restore Mailbox,” on page 74 
Section 5.4, “Recover Deleted Account,” on page 74 
Section 5.5, “Client Options,” on page 74 

Section 5.6, “Expired Records,” on page 74 

Section 5.7, “Email Address Lookup,” on page 75 

Section 5.8, “Synchronize,” on page 75 

Section 5.9, “User Move Status,” on page 75 

Section 5.10, “Link Configuration,” on page 75 

Section 5.11, “Document Properties Maintenance,” on page 76 
Section 5.12, “Import/Export,” on page 76 

Section 5.13, “New System,” on page 76 

Section 5.14, “Check eDirectory Schema,” on page 76 
Section 5.15, “Gateway Alias Migration,” on page 77 
Section 5.16, “GW / eDirectory Association,” on page 77 
Section 5.17, “Standalone GroupWise Utilities,” on page 82 


In addition to the system utilities included on the Tools menu in ConsoleOne, GroupWise includes 
the following standalone utilities: 


+ 


+ 


Section 5.17.1, “Group Wise Check Utility (GWCheck),” on page 82 

Section 5.17.2, “Group Wise Target Service Agent (GWTSA),” on page 82 

Section 5.17.3, “Group Wise Target Service Agent for File Systems (TSAFSGW),” on page 82 
Section 5.17.4, “Group Wise Backup Time Stamp Utility (GWTMSTMP),” on page 83 
Section 5.17.5, “Group Wise Database Copy Utility (DBCOPY),” on page 83 

Section 5.17.6, “Group Wise Generate CSR Utility (GWCSRGEN),” on page 83 


5.1 Mailbox/Library Maintenance 


You can use the Mailbox/Library Maintenance utility to check the integrity of and repair user/ 
resource, message, and library databases, and to free disk space in post offices. 


For detailed information and instructions, see Chapter 27, “Maintaining User/Resource and Message 
Databases,” on page 385, Chapter 28, “Maintaining Library Databases and Documents,” on 
page 391, and Chapter 30, “Managing Database Disk Space,” on page 399. 
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5.2 System Maintenance 


You can use the System Maintenance utility to check the integrity of and repair domain and post 
office databases. 


For detailed information and instructions, see Chapter 26, “Maintaining Domain and Post Office 
Databases,” on page 377. 


5.3 Backup/Restore Mailbox 


You can use the Backup/Restore Mailbox utility to restore an individual user's Mailbox items from a 
backup copy of the post office database. 


For detailed information and instructions, see Chapter 32, “Restoring GroupWise Databases from 
Backup,” on page 411. 


5.4 Recover Deleted Account 


If you have a reliable backup procedure in place, you can use the Recover Deleted Account utility to 
restore recently deleted user and resource accounts from the backup version of the Group Wise 
primary domain database. After the account has been re-created, you can then restore the 
corresponding mailbox and its contents to complete the process. Membership in distribution lists 
and ownership of resources must be manually re-established. 


For complete instructions, see Section 32.6, “Recovering Deleted GroupWise Accounts,” on 
page 416. 


5.5 Client Options 


You can use the Client Options utility to set the default options (preferences) for the GroupWise 
client. You can set options at the domain, post office, or user level. Options set at the domain level 
apply to all users in the domain, and options set at the post office level apply to all users in the post 
office. If you don’t want users to change options, you can lock the options. 


NOTE: The GroupWise Cross-Platform client does not yet support all of the client options that can 
be set in ConsoleOne. 





For detailed information and instructions, see Chapter 65, “Setting Defaults for the GroupWise 
Client Options,” on page 1045. 


5.6 Expired Records 


You can use the Expired Records utility to view and manage the GroupWise user accounts that have 
an expiration date assigned to them. 


For detailed information and instructions, see Chapter 14.10, “Removing GroupWise Accounts,” on 
page 241. 
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5.7 Email Address Lookup 


You can use the Email Address Lookup utility to search for the GroupWise object (User, Resource, 
Distribution List) that an e-mail address is associated with. You can then view the object’s 
information. For more information, see Section 14.7.1, “Ensuring Unique E-Mail Addresses,” on 
page 236. 


5.8 Synchronize 


Group Wise automatically replicates information (domain, post office, user, resource, and so forth) to 
all domain and post office databases throughout your GroupWise system. This ensures that the 
information in each database is synchronized. 


Situations might occur, however, that result in information not being replicated to all domain and 
post office databases. If you think that some information has not been replicated correctly, you can 
cause the information to be replicated again so that it becomes synchronized throughout your entire 
Group Wise system. For example, if you notice that a user’s information is incorrect in the Address 
Book, you can synchronize that user’s eDirectory™ User object so that his or her information is 
replicated to all domain and post office databases again. 


For detailed information and instructions, see Chapter 29, “Synchronizing Database Information,” 
on page 395. 


5.9 User Move Status 


You can use the User Move Status utility to track progress as you move users from one post office to 
another. Using the User Move Status utility, you can: 
¢ List users that are currently being moved and filter the list by domain, post office, and object. 
+ View the current status of the move for each object and see any errors that have occurred. 


+ Immediately retry a move where some of the information on the user inventory list failed to 
arrive at the destination post office. By default, the POA retries automatically every 12 hours 
for seven days to move all the information included on the user inventory list. 


+ Stop the POA from continuing its automatic retries. 
¢ Restart (from the beginning) a move that has stopped before successful completion. 


¢ Refresh the list to display current move status and clear completed moves from the list. 


For more information, see Section 14.4.7, “Monitoring User Move Status,” on page 228. 


5.10 Link Configuration 


GroupWise domains and post offices must be properly linked in order for messages to flow 
throughout your GroupWise system. You can use the Link Configuration utility to ensure that your 
domains and post offices are properly linked and to optimize the links if necessary. For detailed 
information and instructions, see Chapter 10, “Managing the Links between Domains and Post 
Offices,” on page 137. 
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5.11 Document Properties Maintenance 


Each document stored in the GroupWise Document Management Services (DMS) has properties 
associated with it. These properties identify the document, determine its disposition (archive, delete, 
keep), set its level of security, and provide information for locating it in searches. Certain document 
properties are standard in GroupWise. You can also customize DMS for your organization by 
defining additional properties. For detailed information and instructions, see Section 23.2.1, 
“Customizing Document Properties,” on page 338. 





NOTE: On Linux, Document properties maintenance is not available in ConsoleOne. 





5.12 Import/Export 


The Group Wise Import utility reads an ASCII-delimited text file created by the GroupWise Export 
utility or by a third-party export, and creates Novell® eDirectory and GroupWise objects with 
attributes from the file. The Import utility supports most eDirectory classes (including extensions) 
and GroupWise classes. You can specify the delimiters, eDirectory contexts, and file field positions 
to use during import. For instructions, see Section 13.2.4, “Creating GroupWise Accounts by 
Importing Users,” on page 209. 





NOTE: On Linux, the Import/Export utility is not available for use in ConsoleOne. 


5.13 New System 


You can use the New System utility to create a new GroupWise system. 


The process for creating a new GroupWise system is similar to the process of creating your initial 
Group Wise system (see “Installing a Basic GroupWise System” in the GroupWise 7 Installation 
Guide), except that you don’t install the software from the GroupWise CDs. Instead, during creation 
of the new system, you are asked to specify an existing software distribution directory to use in the 
new system. If you don’t want to share software distribution directories between systems, you 
should create a new distribution directory. For information about creating software distribution 
directories, see Section 4.9, “Software Directory Management,” on page 64. 


5.14 Check eDirectory Schema 


Group Wise systems include Group Wise-specific objects that are not available in eDirectory until the 
eDirectory schema for the tree has been extended for these objects. Schema extension takes place 
automatically when you create a GroupWise system using the GroupWise Setup Advisor. You can 
check an eDirectory tree to determine whether its schema has been extended for Group Wise. 

1 In ConsoleOne, select a tree to check. 

2 Click Tools > GroupWise Utilities > Check eDirectory Schema. 


If the eDirectory tree has not yet been extended for GroupWise, the eDirectory Schema 
Extension dialog box lists the changes that are required for Group Wise. 
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eDirectory Schema Extension S KETT 


The eDirectory schema for the selected tree is not properly 
modified for use with GroupWise. 


eDirectory Schema Changes 
Add Attribute: NGW: Carbon Copy Member = 
Add Attribute: NGW: Blind Copy Member 
Add Attribute: NGW: GroupWise ID 

Add Attribute: NGW: Location 

Add Attribute: NGW: Language 

Add Attribute: NGW: Type 

Add Attribute: NGW: Time Zone ID 

Add Attribute: NGW: File ID 

Add Attribute: NGW: Version 

Add Attribute: NGW: Network Type 

















Le 





Would you like to update the eDirectory schema at this 
time? 





| xes || no || Hem | 





3 Click Yes to extend the schema for GroupWise so that you can create GroupWise objects in the 
selected tree. 


or 
Click No if you decide you do not want to be able to create GroupWise objects in the selected 


tree. 


If the schema of the tree has already been extended for GroupWise objects, a message notifies you 
of this and you can immediately create new GroupWise objects in the selected tree. 


5.15 Gateway Alias Migration 


If you have been using SMTP gateway aliases to handle e-mail addresses that do not fit the default 
format expected by the Internet Agent or to customize users’ Internet addresses, the Gateway Alias 
Migration utility can convert the usernames in those gateway aliases into preferred e-mail IDs. The 
Preferred E-Mail ID feature was first introduced in GroupWise 6.5 and is the suggested method for 
overriding the current e-mail address format, as described in Section 14.7.2, “Changing a User’s 
Internet Addressing Settings,” on page 236. The Gateway Alias Migration utility can also update 
users’ preferred Internet domain names based on their existing gateway aliases. 


For usage instructions, see Section 45.3, “Transitioning from SMTP Gateway Aliases to Internet 
Addressing,” on page 713. 


5.16 GW / eDirectory Association 


The GW / eDirectory Association menu includes the following options: 


+ Section 5.16.1, “Graft GroupWise Objects,” on page 78 

¢ Section 5.16.2, “Invalid Associations,” on page 78 

+ Section 5.16.3, “Associate Objects,” on page 80 

+ Section 5.16.4, “Disassociate GroupWise Attributes,” on page 81 
+ Section 5.16.5, “Convert External Entity to User,” on page 81 

+ Section 5.16.6, “Convert User to External Entity,” on page 82 
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5.16.1 Graft GroupWise Objects 


You can use the Graft GroupWise Objects utility to create GroupWise objects in the eDirectory tree 
from the information in your GroupWise domain database. The utility creates Domain, Post Office, 
and Gateway objects as well as User, Resource, and Distribution List objects. When grafting 

Group Wise user information from the GroupWise database into eDirectory, you can match the 
Group Wise user information to an existing User object, or you can create a new eDirectory External 
Entity object and convert it into an eDirectory User object, as described in Section 5.16.5, “Convert 
External Entity to User,” on page 81. 


Grafting GroupWise objects from the GroupWise database into eDirectory can be useful in the 
following situations: 


+ The GroupWise database includes information that is not included in eDirectory. 


+ You want to move GroupWise information (domains, post offices, gateways, users, or 
resources) from one eDirectory tree to another. 


To graft GroupWise objects: 


1 In ConsoleOne, select a container in the eDirectory view. 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Graft GroupWise Object 
to display the Graft GroupWise Objects dialog box. 


Graft GroupWise Objects 


Graft GroupWise Objects 

This advisor helps you create GroupWise objects in eDirectory 
from the information in the GroupWise directory (domain 
database). 

Which GroupWise objects do you want to graft? 


© Domains, post offices, and gateways 


© Users, resources, distribution lists, and libraries 








Cancel Help 





3 Follow the on-screen prompts. If you need information about a dialog box, click the Help 
button. 


5.16.2 Invalid Associations 


Normally, a GroupWise object in eDirectory points to corresponding information in the GroupWise 
domain database. In turn, the information in the GroupWise domain database points back to its 
corresponding object in eDirectory. 


Occasionally, a situation might arise where information in the GroupWise domain database no 
longer points to the same eDirectory object that points to it. This results in an invalid association 
between the information in the two directories. 
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You can use the Invalid Associations utility to correct invalid associations between information in 
the GroupWise domain database and eDirectory. 


To check for invalid associations: 


1 Inthe eDirectory View in ConsoleOne, select the container whose objects you want to check 
for invalid associations (for example, an Organization, Organizational Unit, Domain, or Post 
Office). 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Invalid Associations to 
display the Invalid Associations dialog box. 


Invalid Associations 


> 
7 — 
I II TII 


Below is a list of the invalid associations of Provo3. Select the eDirectory object(s) to 
disassociate or delete. 





| - Object in question Il- GroupWise object Ill - Linked to object 
[IGWDOC TREE/Orem.Gr... [Orem i 
GWDOC_TREE/Facilities...Orem.Facilities 





The object in column | has an invalid association to the Group¥Vise object in column Il. The 
GroupWise object is currently associated to the object in column Ill. 


Cancel Hep | 





The dialog box lists each invalid association for the objects in the selected container. The 
dialog box fields are described below: 

+ Object in Question (Column I): This field lists the eDirectory object that has an invalid 
association to a GroupWise object. The eDirectory object points to the GroupWise object 
listed in Column II, but the GroupWise object, according to the GroupWise domain 
database, does not point back to the eDirectory object. 

+ GroupWise Object (Column II): This field lists the GroupWise object to which the 
eDirectory object listed in Column I is associated. 

+ Linked to Object (Column III): This field lists the eDirectory object to which the 
Group Wise object listed in Column II has a valid association. 

3 To remove the invalid association by disassociating the eDirectory object in Column I with the 
GroupWise object in Column II, select the association, then click Disassociate. 

4 To remove the invalid association by deleting the eDirectory object listed in Column I, select 
the association, then click Delete. 
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5.16.3 Associate Objects 


You can use the Associate Objects utility to associate GroupWise information with an eDirectory 
object. 


For example, if you delete a user’s eDirectory account but not his or her GroupWise account, the 
user’s Group Wise information is retained as a GroupWise External User object in the GroupWise 
database and can be viewed in the GroupWise View. You can then associate the Group Wise External 
User object with another eDirectory User object. In essence, you are moving the GroupWise 
information from one eDirectory User object to another. 


In some circumstances, it is possible for the link between an eDirectory User object and its 
GroupWise information to be lost. If this occurs, the GroupWise information, which still exists in 
the GroupWise database, appears as a GroupWise External User object in the GroupWise View. You 
can use the Associate Objects utility to reassociate the Group Wise information with the eDirectory 
User object. 


The Associate Objects utility can be used to associate the following objects: 


+ GroupWise User or External User objects with eDirectory User objects 


+ GroupWise External Entity objects with eDirectory External Entity objects 


Associating GroupWise User or External User Objects with eDirectory User Objects 


1 Inthe GroupWise View in ConsoleOne, select the GroupWise User or External User object you 
want. 


or 


In the eDirectory View, select the eDirectory User object you want. 
2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Associate Objects. 


3 Ifyou selected a GroupWise User or External User object in Step 1, select the eDirectory User 
object you want to associate with it. 


or 


If you selected an eDirectory User object in Step 1, select the GroupWise User object you want 
to associate with it. 


4 Click OK to create the association. 


If the eDirectory User object is already associated with another GroupWise object, you receive 
a warning message indicating this. If you continue, the eDirectory User object is associated 
with the selected GroupWise object and its association with the other GroupWise object is 
removed. 


If the GroupWise User or External User object is already associated with another eDirectory 
User object, you receive a warning message indicating this. If you continue, the GroupWise 
User object is associated with the selected eDirectory object and its association with the other 
eDirectory object is removed. 


Associating GroupWise External Entity Objects with eDirectory External Entity 
Objects 


1 Inthe GroupWise View in ConsoleOne, select the GroupWise External Entity object you want. 
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or 


In the eDirectory View, select the eDirectory External Entity object you want. 
2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Associate Objects. 


3 Ifyou selected a GroupWise External Entity object in Step 1, select the eDirectory External 
Entity object you want to associate with it. 


or 


If you selected an eDirectory External Entity object in Step 1, select the GroupWise External 
Entity object you want to associate with it. 


4 Click OK to create the association. 


If the eDirectory External Entity object is already associated with another GroupWise object, 
you receive a warning message indicating this. If you continue, the eDirectory External Entity 
object is associated with the selected GroupWise object and its association with the other 
Group Wise object is removed. 


If the GroupWise External Entity object is already associated with another eDirectory External 
Entity object, you receive a warning message indicating this. If you continue, the GroupWise 
External Entity object is associated with the selected eDirectory object and its association with 
the other eDirectory object is removed. 


5.16.4 Disassociate GroupWise Attributes 


You can use the Disassociate GroupWise Attributes utility to disassociate GroupWise information 
from an eDirectory User object. This results in two separate eDirectory objects: 
+ The User object, which no longer includes any GroupWise information. 


+ A GroupWise External User object, which represents the user’s record in the Group Wise 
database and is displayed only in the GroupWise View. The External User object allows the 
user to continue to have access to GroupWise and also enables you to graft the user record to 
another eDirectory User object. For more information, see Section 5.16.1, “Graft GroupWise 
Objects,” on page 78. 


To disassociate the GroupWise attributes from an eDirectory User object: 


1 In ConsoleOne, select the User object whose Group Wise attributes you want to remove. 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Disassociate GroupWise 
Attributes. 


5.16.5 Convert External Entity to User 


You can use the Convert External Entity to User utility to convert a GroupWise External Entity 
object to an eDirectory User object. 


1 In ConsoleOne, select the GroupWise External Entity object that you want to convert to an 
eDirectory User object. 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Convert External Entity to 
User. 


3 Click Yes to confirm that you want the conversion performed. 
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5.16.6 Convert User to External Entity 


You can use the Convert User to External Entity utility to convert a User object to a Group Wise 
External Entity object. 


1 In ConsoleOne, select the User object that you want to convert to an GroupWise External 
Entity object. 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Convert User to External 
Entity. 


3 Click Yes to confirm that you want the conversion performed. 


5.17 Standalone GroupWise Utilities 


Although ConsoleOne provides the primary administrative tool for managing your GroupWise 
system, additional standalone utilities are provide to meet specialized needs. These utilities perform 
tasks that might need to be performed in environments where ConsoleOne is not available. 

+ Section 5.17.1, “GroupWise Check Utility (GWCheck),” on page 82 

+ Section 5.17.2, “GroupWise Target Service Agent (GWTSA),” on page 82 

+ Section 5.17.3, “GroupWise Target Service Agent for File Systems (TSAFSGW),” on page 82 

+ Section 5.17.4, “GroupWise Backup Time Stamp Utility (GWTMSTMP),” on page 83 

+ Section 5.17.5, “GroupWise Database Copy Utility (DBCOPY),” on page 83 

+ Section 5.17.6, “GroupWise Generate CSR Utility (GWCSRGEN),” on page 83 


5.17.1 GroupWise Check Utility (GWCheck) 


GroupWise Check is a standalone version of the ConsoleOne Mailbox/Library Maintenance utility. 
Like the Mailbox/Library Maintenance utility, GroupWise Check checks and repairs Group Wise 
user, message, library, and resource databases. However, in addition to checking post office, user, 
and library databases, it also checks users’ remote, caching, and archive databases. 


For information about using GroupWise Check, see Section 34.1, “GroupWise Check,” on 


page 423. 


5.17.2 GroupWise Target Service Agent (GWTSA) 


The GroupWise Target Service Agent (GWTSA) works with software backup programs to provide 
reliable backups of a running GroupWise system on NetWare 5.1. 


For information about using GWTSA, see Section 34.2.1, “GroupWise Target Service Agent 
(GWTSA) for NetWare 5.1,” on page 435. 


5.17.3 GroupWise Target Service Agent for File Systems 
(TSAFSGW) 


The GroupWise Target Service Agent for File Systems (TSAFSGW) works with software backup 
programs to provide reliable backups of a running GroupWise system on NetWare 6.x/OES and 
Linux 
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For information about using TSAFSGW, see Section 34.2.2, “GroupWise Target Service Agent for 
File Systems (TSAFSGW) for NetWare 6.x/OES and Linux,” on page 439. 


5.17.4 GroupWise Backup Time Stamp Utility (GWTMSTMP) 


The GroupWise Backup Time Stamp utility (GWTMSTMP) can be used to place a time stamp on a 
Group Wise user database to indicate the last time the database was backed up. Ifa user deletes an 
item from his or her mailbox and purges it from the Trash, the item is only deleted from the user’s 
database if the time stamp shows that the item would have already been backed up. Otherwise, the 
item remains in the user’s database until the database is backed up, at which time it is deleted from 
the working database. 


For information about using the GroupWise Backup Time Stamp utility, see Section 34.3, 
“GroupWise Time Stamp Utility,” on page 448. 


5.17.5 GroupWise Database Copy Utility (DBCOPY) 


The Group Wise Database Copy utility (DBCOPY) copies files from a live GroupWise system to a 
static location for backup. During the copy process, DBCOPY prevents the files from being 
modified, using the same locking mechanism used by other GroupWise programs that access 
databases. This ensures that the backed-up versions are consistent with the originals even when large 
databases take a substantial amount of time to copy. 


For information about using the GroupWise Database Copy utility, see Section 34.4, “GroupWise 
Database Copy Utility,” on page 455. 


5.17.6 GroupWise Generate CSR Utility (GWCSRGEN) 


To provide secure communication through an SSL (Secure Socket Layer) connection, the 
Group Wise Agents (MTA, POA, and Internet Agent) require access to a server certificate and 
private key. 


You can use the Group Wise Generate CSR utility (GWCSRGEN) to generate a Certificate Signing 
Request (CSR) file and a Private Key file. 


The CSR file, which is Base64 encoded, contains the information required for a Certificate 
Authority (CA) to issue you a server certificate. This server certificate, when paired with the private 
key generated by the GroupWise Generate CSR utility, enables GroupWise agents to use SSL 
connections. 


For information about SSL and certificates, see Section 71.2, “Server Certificates and SSL 
Encryption,” on page 1123. 
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GroupWise Address Book 


The GroupWise® Address Book plays a central role in a GroupWise user’s experience with 
addressing messages. The default configuration of the GroupWise Address Book is often sufficient 
for a typical GroupWise system, but some customization options are available to enable the 
GroupWise Address Book to meet user needs. 

+ Section 6.1, “Customizing Address Book Fields,” on page 85 

+ Section 6.2, “Controlling Object Visibility,” on page 89 

+ Section 6.3, “Supporting Messenger Presence Display in GroupWise,” on page 90 

+ Section 6.4, “Updating Address Book Information,” on page 91 

¢ Section 6.5, “Controlling Address Book Synchronization for Remote Client Users,” on page 91 

+ Section 6.6, “Enabling Wildcard Addressing,” on page 92 

¢ Section 6.7, “Adding External Users to the GroupWise Address Book,” on page 95 

¢ Section 6.8, “Facilitating Addressing through GroupWise Gateways,” on page 100 





NOTE: In addition to the administrator-controlled changes you can make to the Address Book, 
Group Wise users can make individual changes such as creating personal address books, sharing 
personal address books, and accessing LDAP address books. For information about the Address 
Book functionality available to users, see: 

+ Using the Address Book in the GroupWise 7 Windows Client User Guide 

+ Using the Address Book in the GroupWise 7 Cross-Platform Client User Guide 


+ Using the Address Book in the GroupWise 7 WebAccess Client User Guide 





6.1 Customizing Address Book Fields 


The GroupWise clients display specific fields in the GroupWise Address Book by default: 


Table 6-1 Default Address Book Fields in the GroupWise Clients 


Windows Client Cross-Platform Client WebAccess Client 
Name Name Name 
E-Mail Address E-Mail Address E-Mail Address 
Title Department 
Office Phone Number Office Phone Number 

Fax Number 

User ID 

Last Name 

First Name 
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NOTE: Address Book fields in the WebAccess client are set permanently and cannot be changed by 
you or by client users 





Windows and Linux/Mac client users can add more columns to their own Address Book. In the 
client, users right-click the Address Book column header, then select a column from the drop-down 
list or click More Columns to display a longer list of possible columns. 


In ConsoleOne®, you can add columns to the list that is displayed in the GroupWise clients when 
users click More Columns. This is configured at the domain level. 

+ Section 6.1.1, “Adding eDirectory Fields to the Address Book,” on page 86 

+ Section 6.1.2, “Adding LDAP Fields to the Address Book,” on page 87 

+ Section 6.1.3, “Changing the Default Sort Order,” on page 88 

+ Section 6.1.4, “Removing Fields from the Address Book,” on page 89 


+ Section 6.1.5, “Preventing the User Description Field from Displaying in the Address Book,” 
on page 89 


6.1.1 Adding eDirectory Fields to the Address Book 


Adding an eDirectory field makes the field available in the GroupWise Address Book when users 
click More Columns in the GroupWise client. Users must manually select the columns you add in 
ConsoleOne in order to make the available in the Group Wise client. 


1 In ConsoleOne, right-click the Domain object whose Address Book you want to modify, then 
click Properties. 


2 Click GroupWise > Address Book to display the Address Book page. 


Properties of Provo3 


DS Rights + | Other | Rights to Files and Folders | 








Sort address book by: First Name, Last Name bd 





Address Book Fields: Available Fields: 





Given Name (required) 
Last Name (required) 
Phone 

Department 

Title 

Fax 

Object ID 

Post Office Name 
Domain Name 


Le Le 





Account ID 
[Distinguished Name 
Middle Initial 
Personal Title 
Qualifier 


Network ID 
File ID 
Company 
Description 


tjl 











Map Additional Fields 
*Administrator-defined field 
T Do Not Display User Comments 
Page Options... | Cancel | | Help 








The Address Book Fields list shows all fields that are available for selection in the Address 
Book in the GroupWise client. 


The Available Fields list shows additional predefined GroupWise user fields that can be added 
to the Address Book. Novell® eDirectory™ also includes user information that is not associated 
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to GroupWise user fields. For example, a User object includes Postal Address fields named 
City, State, and Zip Code. By default, these fields are not included as GroupWise fields. 
However, you can use the Map Additional Fields button to map eDirectory user fields to 
Group Wise fields so that they can be displayed in the GroupWise Address Book. 


To add a field that is not displayed in the Available Fields list, click Map Additional Fields, 
select an unmapped Admin-defined field, click Edit, select the eDirectory property to map to 
the Admin-defined field, then click OK twice to add it to the Available Fields list. 





NOTE: To add fields independent of a specific domain’s Address Book, use Tools > 

Group Wise System Operations > Admin-Defined Fields to display the Administrator-Defined 
Fields dialog box. The fields defined in this dialog box are available for selection and display in 
the Address Book belonging to any domain. 





In the Available Fields list, select the field you want to make available in the Address Book, 
then click the left-arrow to move it to the Address Book Fields list. 


If the field is an Administrator-defined field and you want to change how the field is labeled in 
the Address Book, select the field, click Edit Label, specify a new label in the Address Book 
Label field, then click OK. 


Administrator-defined fields are marked with an asterisk (*). You can only edit an 
Administrator-defined field that is in the Address Book Fields list. 


6 When you are finished, click OK in the Address Book page to save your changes. 


6.1.2 Adding LDAP Fields to the Address Book 


A number of LDAP fields that are available in ConsoleOne are not listed on the Address Book 
property page of the Domain object. These LDAP fields can also be added to the Group Wise 
Address Book by making them visible in eDirectory. 


1 In ConsoleOne, right-click your Tree object, then click Properties. 


Properties of CORP_TREE (x) 


NDS Rights + | Other | General | Rights to Files and Folders | 
Trustees of this Object 


The following are assigned trustees of: [Root] 


Add Trustee... 





42) [This] 
(3 admin.Docdev Novell 
Delete Trustee... 


Assigned Rights... 


Effective Rights... 

















Page Options... OK | Cancel | Apply | Help | 








2 Select Public, click Assigned Rights, then click Add Property. 
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Add Property 





Supported Services 
Supported Typefaces 
‘Surname 

Svelnfo 

SvcType 

SveTypelD 
Synchronization Tolerance 
Synchronized Up To 

T 


Telephone Number 
Timezone 

Transitive Vector 
Trustees Of New Object 
Type Creator Map 


ed El 


IV Show all properties 














OK | Cancel Help | 








In the Add Property dialog box, all capitalized property names sort ahead of all uncapitalized 
property names. 


3 Select Show All Properties, scroll down to locate the property you want to add to the 
GroupWise Address Book, select the property (for example, Title), then click OK. 


Rights assigned to: [Public] 
On object: [Root] 
Property 


= 5 TF Supervisor 
4 [All Attributes Rights] 
À [Entry Rights] IV Compare 
IV Read 
I Write 
T Add Self 


I Inheritable 


Add Property... 
Delete Property 


Cancel Help 





4 With the new property highlighted, select Inheritable, then click OK twice to save the new 
property settings. 


When you return to the Address Book property page of the Domain object, you can select the new 
property to display in the GroupWise Address Book, as described in Section 6.1.1, “Adding 
eDirectory Fields to the Address Book,” on page 86. 


6.1.3 Changing the Default Sort Order 





NOTE: The Sort Address Book By field on the Address Book page of the Domain object is obsolete 
and no longer affects Address Book sorting in the GroupWise clients. 
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6.1.4 Removing Fields from the Address Book 


If there are fields in the Address Book that are not used or that you don’t want displayed to users, 
you can remove them. 


On the Address Book page of the Domain object: 


1 Inthe Address Book Fields list, select the field you want to remove, then click the right-arrow 
to move the field to the Available Fields list. 
The fields in the Available Fields list are not displayed in the Address Book. 

2 Repeat Step 1 to remove additional fields you don’t want to use. 


3 Click OK to save your changes. 


6.1.5 Preventing the User Description Field from Displaying in 
the Address Book 


The GroupWise Address Book provides detailed user information as well as e-mail addresses. A 
user’s detailed information includes a comments field that displays the information stored in the 
User object Description field (User object > General > Identification). If you have included 
information in the Description field that you don’t want displayed in the GroupWise Address Book, 
you can prevent the field’s contents from being displayed. 





TIP: To view a user’s detailed information, including the comments field, in the Address Book, 
select the user’s address, then click View > Details. 





On the Address Book page of the Domain object: 


1 Enable the Do Not Display User Comments option. 
2 Click OK to save your changes. 


6.2 Controlling Object Visibility 


An object’s visibility determines which post office databases the object’s information is distributed 
to. A post office’s users can only see an object’s information in the Address Book if the object’s 
information has been distributed to its post office. 


Visibility applies to the following objects: user, external user, external entity, resource, external 
resource, distribution list, eDirectory group, eDirectory organizational role, and nickname. 





IMPORTANT: Unlike the other objects listed above, nicknames that have been distributed to a post 
office do not actually appear in the post office’s Address Book. Users must type the nickname’s 
address in the message rather than select it from the Address Book. 





You can choose from the following visibility levels: 


+ System: The object is visible in every post office Address Book throughout the system; if 
external system synchronization is turned on, it is also available for distribution to other 
GroupWise systems. This is the default for users, external users, resources, external resources, 
external entities, and nicknames. 
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+ Domain: The object is visible only in the Address Book of the post offices located in the 
object’s domain. 


+ Post Office: The object is visible only in the Address Book of the object’s post office. This is 
the default for distribution lists, groups, and organizational roles. 


+ None: The object is not visible in the Address Book of any post offices. 
For information about setting visibility for various GroupWise objects, see: 


+ Section 14.7.3, “Changing a User’s Visibility in the Address Book,” on page 238 

+ Section 16.6.2, “Changing a Resource’s Visibility in the Address Book,” on page 258 

+ Section 18.8.2, “Changing a Distribution List’s Visibility in the Address Book,” on page 274 

+ Section 19.3, “Changing a Group’s Visibility in the Address Book,” on page 281 

¢ Section 20.3, “Changing an Organizational Role’s Visibility in the Address Book,” on page 287 


6.3 Supporting Messenger Presence Display in 
GroupWise 


Group Wise and Messenger can be integrated so that Messenger presence information displays in the 
GroupWise Windows client. Messenger presence enables users to easily choose instant messaging 
as an alternative to e-mail. Messenger presence icons appear in the From field of a received 
message, in the Quick Info for users specified in the To, CC, and BC fields of a new message, and in 
the Quick Info for users in the Address Book. Messenger presence is enabled by default. 


To provide the Group Wise client with the information it needs to display Messenger presence, you 
need to modify the configuration of the Address Book for each domain where there are users who 
use Messenger. 

1 In ConsoleOne®, browse to and right-click the Domain object, then click Properties. 

2 Click GroupWise > Address Book. 


Properties of Provo3 


IDS Rights v | Other | Rights to Files and Folders | 

















Sort address book by: First Name, Last Name El 
Address Book Fields: Available Fields: 
Given Name (required) Account ID 

Last Name (required) Distinguished Name 
Phone Middle Initial 
Department Personal Title 

Title Qualifier 

Fax <a 

Object ID — 

Post Office Name = 

Domain Name — 

Network ID 

File ID 

Company 

Description 








4] +] 





Map Additional Fields 
*Administrator-defined field 
FT Do Not Display User Comments 
Page Options... Cancel Help 








90 GroupWise 7 Administration Guide 


3 Inthe Available Fields list, select Distinguished Name, then click the left-arrow to move 
Distinguished Name into the Address Book Fields list. 


4 Click OK to save your change. 


5 After the Address Book is properly configured, use the Client Options feature to enable or 
disable Messenger presence on a domain, post office, or user level. 


See “Show Messenger Presence” on page 1052. 


6.4 Updating Address Book Information 


Each post office database includes all the information displayed in the GroupWise Address Book 
that is stored in the domain. By keeping the information in the post office, the post office’s users 
have quick access to it. Whenever changes are made in eDirectory that affect Address Book 

information, the information is replicated to each domain database and each post office database. 


If information in a post office’s Address Book is out-of-date or missing, you can synchronize the 
missing information with eDirectory or rebuild the post office database to obtain updated 
information from the domain. 


+ Section 6.4.1, “Synchronizing Information,” on page 91 


¢ Section 6.4.2, “Rebuilding the Post Office Database,” on page 91 


6.4.1 Synchronizing Information 


The information for each object (user, resource, distribution list, and so forth) in the GroupWise 
Address Book is contained in eDirectory. When an object’s information is incorrect in a post office’s 
Address Book, you can synchronize the object’s information in the Address Book with the 
information stored in eDirectory. This causes the correct information to be replicated to each domain 
and post office database in the GroupWise system. For instructions, see Chapter 29, “Synchronizing 
Database Information,” on page 395. 


6.4.2 Rebuilding the Post Office Database 


If the post office Address Book is missing a lot of information, or if you are having other difficulties 
with information in the Address Book, you might want to rebuild the post office database. This 
causes all information to be replicated to the post office database from the domain database. For 
instructions, see Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381. 


6.5 Controlling Address Book Synchronization 
for Remote Client Users 


Before GroupWise 7, Remote client users received updated system Address Books based on the 
Refresh Address Books and Rules Every nn Days setting under Accounts > Mail > Properties > 
Advanced. The entire Address Book was downloaded to the Remote client according to the specified 
schedule. The downloadable version of the Address Book was created by the POA according to the 
schedule described in Section 36.4.3, “Performing Nightly User Upkeep,” on page 513 


Starting in GroupWise 7, the POA automatically updates the post office database with changes to the 
Address Book as they occur. As a result, whenever a Remote client connects to the GroupWise 
system, it automatically downloads any updates to the Address Book that have occurred since the 
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last time it connected. This means that Remote client users always have an up-to-date Address Book 
to work with. 


Because the Address Book updates are stored as records in the post office database (wphost . db), 
this feature causes the post office database to grow in size as time passes. Therefore, in ConsoleOne, 
you can specify the maximum number of days you want to store the incremental update records. The 
longer the incremental update records are stored, the larger the post office database becomes, which 
can impact available disk space and backup time. 


1 Browse to and select a Post Office object, then click Properties. 
2 Click GroupWise > Post Office Settings. 


Properties of Development 


NDS Rights v | Other | Rights to Files and Folders 





Network Type: Novell NetWare 





Software Distribution Directory: GroupWise 7 Software 





Access Mode: Client/Server Only 





Le} Leh Led Le 





Delivery Mode: Use App Thresholds 





Max Age for Address Book Updates: 15 4 days 
I Disable Live Move 
Restore Area: (Not Set) 


Remote File Server Settings 





Remote User Name: | 


Remote Password: Set Password 





Page Options... | Cancel | 





3 Inthe Max Age for Address Book Updates field, specify the number of days you want to retain 
Address Book update records. 


The default is 15 days. The maximum number of days is 90. 
4 Click OK to save the setting. 


Remote client users should not deselect Refresh Address Books and Rules Every nn Days because 
tules are still downloaded according to this schedule. Even if users do not want to download their 
tules, they still should not deselect this option because it would turn off the Address Book delta 
sync. They can, however, set the option to a greater number of days to cause the download of the full 
Address Book to occur less frequently. 


6.6 Enabling Wildcard Addressing 


By default, users address messages by selecting users and distribution lists from the Address Book. 
If you enable wildcard addressing, users can send items to all users in a post office, domain, 
GroupWise system, or connected GroupWise system by using asterisks (*) as wildcards in e-mail 
addresses. 


You can limit wildcard addressing to a specific level (system, domain, or post office) or allow 
unlimited wildcard addressing. The default is to limit the wildcard addressing to post office only, 
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meaning that a user can use wild card addressing to send to all users on his or her post office only. 
You can change the default for individual users, post offices, or domains. 


When using wildcard addressing, the sender only sees whether the item was delivered to a domain, 
post office, or system (by viewing the item’s properties). The properties do not show the individual 


usernames or additional statuses. Recipients can reply to the sender only. Reply to All is unavailable. 


+ Section 6.6.1, “Setting Wildcard Addressing Levels,” on page 93 
+ Section 6.6.2, “Wildcard Addressing Syntax,” on page 94 





NOTE: Wildcard addressing cannot be used for assigning shared folders or shared address books, 
granting proxy rights, performing busy searches, or sending routing slips. 





6.6.1 Setting Wildcard Addressing Levels 


By default, wildcard addressing is enabled at the post office level for all users in your GroupWise 
system. You can change the level (post office, domain, or system) or disable wildcard addressing. 


Wildcard addressing levels can be applied to a single user, to all users in a post office, or to all users 
in a domain. 


To set wildcard addressing defaults: 


1 In ConsoleOne, select a Domain, Post Office, or User object. 
2 Click Tools > GroupWise Utilities > Client Options to display the GroupWise Client Options 
dialog box. 


GroupWise Client Options R) 


Fea Close 
KS 
x Hel 
Environment Send ed 


a g 


Security Date and Time 





3 Click Send to display the Send Options dialog box. 
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KS send Options: jstevens 


Normal x S 
Priority 


C High ET [ Delay delivery 
© Standard al 


C Low 


I” Reply requested CY Limited to post office 


E 
e 





[ Allow use of "Reply to all” in rules 


[V Allow use of "Internet mail" tracking Allow reply rules to loop 


Restore Default Settings 


jail | Appt | Task | Note | Security | Disk Space Mgmt | Global Signature | 


[ Expiration date 


[o a 








Wildcard Addressing 











EI IV Notify recipients 


[ Convert attachments 

















Cox] Cancel Help 


4 Inthe Wildcard Addressing list, select from the following options: 


+ 


+ 


Not Allowed: Select this option to disable wildcard addressing. 


Limited to Post Office (Default): Select this option to limit wildcard addressing to the 
user's post office. The user can use wildcard addressing to send items to users in his or her 
post office only. 


Limited to Domain: Select this option to limit wildcard addressing to the user's domain. 
The user can use wildcard addressing to send items to users in his or her domain only. 


Limited to System: Select this option to limit wildcard addressing to the user's 

Group Wise system. The user can use wildcard addressing to send items to all users in his 
or her system only. This excludes external users (users from other systems) who have been 
added to your Group Wise address book. 


Unlimited: Select this option to allow unlimited use of wildcard addressing. The user can 
use wildcard addressing to send to all users (including external users and non-visible 
users) defined in the Group Wise address book. 


5 Click OK to save the changes. 


6.6.2 Wildcard Addressing Syntax 


The following table shows the syntax that must be used when using wildcard addressing to send 


items. 

Table 6-2 Wildcard Addressing 

Wildcard Addressing Setting To send an item to... Type in the To field... 
Limited to Post Office All users in your post office id 
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Wildcard Addressing Setting To send an item to... 


Limited to Domain All users in your post office 
All users in your domain 


All users in another post office in your 
domain 


Limited to System All users in your post office 
All users in your domain 


All users in another post office in your 
domain 


All users in a post office in another 
domain 


All users in another domain 
All users in your GroupWise system 
Unlimited 


All users in your post office 


All users in your domain 


All users in a different post office in your 


domain 


All users in a post office in another 
domain. You can also use this for 
external post offices and external 
domains. 


All users in a another domain. You can 


also use this for external domains. 


All users in the GroupWise address book 
(all users in the same system, all external 


users, and all non-visible users) 


Type in the To field... 


* 


*.post office 


*.post office 


*.post office.domain 


*.domain 


kkk 


* post_office 


* post_office.domain 


* domain 


kK 


6.7 Adding External Users to the GroupWise 


Address Book 


The GroupWise Address Book lists all users that belong to your GroupWise system. When users 
receive incoming messages, the senders are added to users’ Frequent Contacts Address Books to 
facilitate replying to users who are not included in the GroupWise Address Book. If necessary, you 
can configure GroupWise so that external (non-Group Wise) users appear in the GroupWise Address 


Book and are therefore available to all GroupWise users. 


The following sections help you add non-Group Wise users to the GroupWise Address Book: 


+ Section 6.7.1, “Creating a Non-Group Wise Domain to Represent the Internet,” on page 96 


¢ Section 6.7.2, “Linking to the Non-GroupWise Domain,” on page 96 


+ Section 6.7.3, “Creating a Non-Group Wise Post Office to Represent an Internet Host,” on 


page 98 
+ Section 6.7.4, “Creating External Users,” on page 100 
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6.7.1 Creating a Non-GroupWise Domain to Represent the 
Internet 


1 In ConsoleOne®, right-click Group Wise System (in the left pane), then click New > Non- 
GroupWise Domain. 


Create Non-GroupWise Domain 


Domain name: 
Time Zone: 
(GMT-07:00) Mountain Time (US 8 Canada) 











Link To Domain: 
Provo1 











1 Create another domain 





2 Fill in the fields: 


Domain Name: Specify a name that has not been used for another domain in your system (for 
example, Internet). 


Time Zone: This should match the time zone for the Internet Agent. If it does not, select the 
correct time zone. 


Link to Domain: Select a domain where the Internet Agent is running. 
3 Click OK to create the non-Group Wise domain. 
The non-Group Wise domain appears under GroupWise System in the left pane. 


4 Continue with Linking to the Non-GroupWise Domain. 


6.7.2 Linking to the Non-GroupWise Domain 


After you have created the non-GroupWise domain, you must modify the link between the domain 
where the Internet Agent is running and the non-GroupWise domain. This enables the GroupWise 
system to route all Internet messages to the MTA of the Internet Agent domain. The MTA can then 
route the messages to the Internet Agent, which sends them to the Internet. 


To modify the link to the non-Group Wise domain: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration to display the Link 
Configuration tool. 


By default, the Link Configuration tool displays the links for the domain that you are currently 
connected to. 
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KS GroupWise Link Configuration Tool - K:lgwsystemiprovo1 
File Edit Search View Window Help 





Domain: Provot 
Outbound Links from Provat 


rOirect- = pindirect— — pUndefined — 
A, internet 
3, Prom? 
% Proog 


rDirect- — rindirect — 
4, Provoz 
% Prow3 














2 Ifthe Internet Agent domain is not the currently displayed domain, select it from the list of 
domains on the toolbar. 


The non-GroupWise domain should be displayed in the Direct column. In the graphic displayed 
under step 1, Internet is the non-GroupWise domain. 


3 Double-click the non-GroupWise domain to display the Edit Domain Link dialog box. 





NOTE: If you are prompted that the mapped path is empty, click Yes to dismiss the prompt and 
display the Edit Domain Link dialog box. 


KS Edit Domain Link 
Description: How Provo1 connects to Provo4 
Link Type: [Direct hd 
- Settings 
Protocol: [Mapped Y 
Path: Kigwsystemiprovo4 S Scheduling... 


Maximum send message size: 0 + MBytes 
Delay message size: 0 4 MBytes: 














i External Link Info... 





4 In the Link Type field, select Gateway. 


After you select Gateway, the dialog boxes changes to display the settings required for a 
gateway link. 


KS Edit Domain Link 
Description: How Provo1 connects to Internet 
Link Type: Gateway Y 
Settings 
Gateway Link 
Gateway Access String: 


Return Link: Provo1 





Maximum send message size: 0 4 MBytes: 
Delay message size: 0 4 MBytes 








5 Fill in the following fields: 
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Gateway Link: Select the Internet Agent. 


Gateway Access String: If you want to specify the conversion format (RFC-822 or MIME) for 
messages sent to the domain, include one of the following parameters: -rfc822 or -mime. If you 
do not use either of these parameters, the Internet Agent converts messages to the format 
specified in its startup file. The default is for MIME conversion (as specified by the Internet 
Agent’s /mime startup switch). 


Return Link: Leave this field as is. It does not apply to the Internet Agent. 


Maximum Send Message Size: If you want to limit the size of messages that the MTA for the 
Internet Agent domain passes to the Internet Agent, specify the maximum size. This is applied 
to all messages. If you want to limit the size of messages sent by specific users or groups of 
users, you can also use the Access Control feature. For details, see Section 47.1, “Controlling 
User Access to the Internet,” on page 747. 


Delay Message Size: If you want the MTA to delay routing of large messages to the Internet 


Agent, specify the message size. Any messages that exceed the message size are assigned a 
lower priority by the MTA and are processed after the higher priority messages. 


6 Click OK to save the changes. 


The non-Group Wise domain is moved from the Direct column to the Gateway column. For a 
description of the link symbols in front of the domain names, see the Help in the Link 
Configuration tool. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 


Gateway Undefined 
A f Internet (GMA) 











7 Click the File menu, click Exit, then click Yes to exit the Link Configuration tool and save your 
changes. 


8 Continue with Creating a Non-GroupWise Post Office to Represent an Internet Host. 


6.7.3 Creating a Non-GroupWise Post Office to Represent an 
Internet Host 


When creating a post office to represent an Internet host, the post office name cannot be identical to 
the hostname because the period that separates the hostname components (for example, novell.com) 
is not a valid character for post office names. GroupWise reserves the period for its addressing 
syntax of user_ID.post_office.domain. Therefore, you should choose a name that is closely related 
to the hostname. 
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To create a non-GroupWise post office: 


1 In ConsoleOne, right-click the non-Group Wise domain that represents the Internet, then click 
New > External Post Office. 


Create External GroupWise Post Office 


Post office name: 





A Cancel 
Time Zone: 


I(GMT-07:00) Mountain Time (US & Canada) EI Help 








T Create another post office 





2 Fill in the following fields: 


Post Office Name: Specify a name to associate the post office with the Internet host. Do not 
use the fully-qualified hostname. 


Time Zone: Select the time zone in which the Internet host is located. 
3 Click OK to create the post office. 

The non-Group Wise post office is added under the non-GroupWise domain. 
4 Right-click the new non-GroupWise post office, then click Properties. 
5 Click GroupWise > Internet Addressing. 


Properties of ExampleHost 


Override | Preferred Address format: 


Not Defined 





Allowed Address Formats 


Not Defined 


Internet domain name: 





Not Defined 


Page Options... | Cancel | 








6 If you want to override the Group Wise system allowed address formats, select Override beside 
Allowed Address Formats, then select the allowed address formats for this Internet host. 


7 Beside Internet Domain Name, select Override, then specify the actual name of the Internet 
host that the external post office represents. 


8 Click OK to save your changes. 


9 Continue with Creating External Users. 
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6.7.4 Creating External Users 


By creating external users, you add them to the GroupWise Address Book for easy selection by 
Group Wise users when addressing messages. 


To add an Internet user to a post office: 


1 In ConsoleOne, right-click the post office that represents the user's Internet host, then click 
New > External User. 


Create GroupWise External User 


User Name: 


| 





Cancel 





[ Create another external user 





Help 





2 Inthe User Name field, specify the exact user portion of the user’s Internet address. If the 
address is jsmith@novell.com, the portion you would specify is jsmith. 


3 Click OK to create the external user. 

4 Provide personal information about the external user: 
4a Right-click the new External User object. 
4b Fill in the desired fields on the Identification page. 


Because the user is displayed in the GroupWise Address Book, you might want to define 
the user’s first name and last name. This is especially important if the allowed address 
formats for the Internet host include first name and last name information. 


4c Click OK to save the user’s personal information. 


If you have only a few users on some Internet hosts, you can create a single external post office for 
these users, then define their Internet domain names on the Identification pages of the External User 
objects instead of on the External Post Office object. 


6.8 Facilitating Addressing through GroupWise 
Gateways 


Current GroupWise Gateways, such as the GroupWise Gateway 2.0 for Microsoft* Exchange and 
the GroupWise Gateway 3.0 for Lotus Notes*, provide convenient addressing features for users on 
both sides of the gateway. Earlier GroupWise gateways made use of addressing rules to simplify 
addressing through the gateway. Setting up addressing rules is not necessary for current GroupWise 
gateways. 


Addressing rules let you search for text in an address and replace it with other text. Addressing rules 
are created at the system level and enabled by domain. Gateway-specific instructions are available 
on the GroupWise Gateways documentation page (http://www.novell.com/documentation/ 
gwgateways). The following sections provide some general instructions for setting up addressing 
rules: 


+ Section 6.8.1, “Creating an Addressing Rule,” on page 101 
¢ Section 6.8.2, “Enabling an Addressing Rule,” on page 102 


100 GroupWise 7 Administration Guide 


6.8.1 Creating an Addressing Rule 


1 In ConsoleOne, click Tools > GroupWise System Operations > Addressing Rules. 


Ka Define Addressing Rules 


Addressing Rules 











OK | Cancel | Help | 








2 Click New to display the New Addressing Rule dialog box. 


New Addressing Rule 





Name: | 


Description: 


Search String: [ 








Replace With: | 


Test Rule 


Enter an address and click Test. 
Test address: 


Results: | 





Lox | Cancel Help 





3 Fill in the following fields: 


Description: Specify a short description for the rule. The description is what appears when the 
tule is listed in the Addressing Rules dialog box. 


Name: Specify the name you want to use for the rule. 


Search String: Specify the text string that determines which addresses the rule is applied to. 
You can use an asterisk as a wildcard to represent one or more characters. For example, if you 
want the rule to apply to all addresses with JSmith as the userID, specify jsmith.*.* (the first 
asterisk represents the post office and the second represents the domain). 


Replace With: Specify the replacement text. You can use variables (%1, %2, and so forth) to 
reference the wildcard text used in the search string. For example, if you use two wildcards in 
the search string, you could use two variables (%1 and %2) to insert the matched wildcard text 
into the replacement string. %1 (replace string 1) replaces the first wildcard in the search string, 
%2 replaces the second wildcard, and so on. The replacement variables must be placed in the 
string according to the order required for the explicit address, not according to their numerical 
order (for example, %2 could come before %1). 


Using the jsmith.*.* example, assume that you want to replace jsmith with jjones. You would 
specify jjones.%1.%2. The resulting addressing would include the same post office and domain 
but a different userID. 
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4 If desired, you can test the rule on an address. To do so, specify an address in the Test Address 
dialog box (the address does not have to be real) > click Test to see the results. 


5 Click OK to add the rule to the list. 


The rule is automatically enabled, which means that it is available for use. To apply it to a 
domain, however, you need to enable it in the domain. For instructions, see Section 6.8.2, 
“Enabling an Addressing Rule,” on page 102. 


6 If necessary, select the rule, then use the up-arrow and down-arrow to move the rule to the 
position in which you want it executed. 


Addressing rules are executed in the order they are listed. When an addressing rule is applied to 
an address, no further addressing rules are applied. 


7 When you are finished creating rules, click OK to close the Define Addressing Rules dialog 


box. 


6.8.2 Enabling an 


Addressing Rule 


After you create an addressing rule, you need to enable it in the domains where you want it applied. 


1 In ConsoleOne, right-click the Domain object, then click Properties. 


Properties of Provo1 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 


Identification | 


Domain: 


Description: 


UNC Path: 
Language: 
Domain Type: 
Time Zone: 
Database Version: 


Network Type: 


Administrator: 


Page Options... 








WBD-NVVisysigwsystem 





English - US 


Primary 





(GMT-07:00) Mountain Time (US & Canada) 
7 





Novell NetWare 





Cancel 





2 Click GroupWise > Addressing Rules. 


The list displays all addressing rules that have been made available in the system. However, an 
addressing rule does not apply to the domain until you enable it. 
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Properties of Provo1 
‘GroupWise +" | NDS Rights + | Other | Rights to Files and Folders | 
| Addressing Rules i 


Addressing rules used by this domain: 
T Character Substitution 





ok | Cence | apov | 








3 Click the check box in front of an addressing rule to enable it. 


4 When you are finished enabling rules, click OK to save your changes. 
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Multilingual GroupWise Systems 


GroupWise” is a multilingual e-mail product that meets the needs of users around the world. The 
following sections provide guidance if your GroupWise system includes users that speak a variety of 
languages: 

¢ Section 7.1, “Client Languages,” on page 105 

+ Section 7.2, “Administration Languages,” on page 106 

¢ Section 7.3, “International Character Considerations,” on page 106 


+ Section 7.4, “Multi-Language Workstations,” on page 107 


7.1 Client Languages 


You can run the GroupWise client in the following languages: 


Arabic Hungarian 
Czech Italian 
Chinese - Simplified Japanese 
Chinese - Traditional Korean 
Danish Norwegian 
Dutch Polish 
English Portuguese 
Finnish Russian 
French Spanish 
German Swedish 
Hebrew 


Users can select the languages they want when they install the Group Wise client. If users have 
access to the GroupWise client media, they can choose from all languages. If users are installing 
from a software distribution directory, they can choose from the languages you installed in the 
software distribution directory, as described in “GroupWise Languages” in “Installing a Basic 
GroupWise System” in the GroupWise 7 Installation Guide. The maximum disk space required to 
store all the GroupWise software components for one language in the software distribution directory 
is approximately 500 MB. Each additional client language adds about 20 MB. 


Users should have at least 200 MB available on their workstations to install the GroupWise client 
software in one language. Users need an additional 20 MB of disk space for each additional 
language they install. 


By default, the GroupWise client starts in the language of the operating system, if it is available. If 
the operating system language is not available, the next default language is English. When starting 
the GroupWise client, you can use the /l startup switch to override the English default and select an 
interface language from those that have been installed. 
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The online help available in the GroupWise clients is provided in all languages into which the client 
software is translated. The GroupWise client user guides available from the GroupWise clients and 
on the GroupWise Documentation Web site are translated only into the administration languages. If 
you try to access a user guide from a client that is running in a language into which the user guide 
has not been translated, you can select any of the available languages. 


By default, the GroupWise clients use UTF-8 for MIME encoding. This accommodates the character 
sets used by all supported languages. 


7.2 Administration Languages 


You can run the Group Wise Installation program, administer your GroupWise system in 
ConsoleOne®, and run the Group Wise agents in the following languages: 


English 
French 
German 
Portuguese 


Spanish 


When you select a language for a domain, it determines the sorting order for items in the GroupWise 
Address Book. This language becomes the default for post offices that belong to the domain. You 
can override the domain language at the post office level if necessary. 


For example, if you set the domain and post office language to English-US, the Address Book items 
are sorted according to English-US sort order rules. This is true even if some users in the post office 
are running non-English-US Group Wise clients such as German or Japanese. Their client interface 
and Help files are in German or Japanese, but the sort order is according to English-US standards. 


By default, the agents start in the language selected for the domain. If that language has not been 
installed, the agents start in the language used by the operating system. If that language has not been 
installed, the agents start in English-US. 


The POA also includes language-specific files in all client languages so that information returned 
from the POA to the GroupWise client, such as message status and undeliverable messages, is 
displayed in the language of the GroupWise client rather than the language in which the POA 
interface is being displayed. 


7.3 International Character Considerations 


GroupWise client users have complete flexibility in the characters they use in composing messages. 
Accented characters used by various European languages and double-byte characters used by 
various Asian and Middle Eastern languages are all acceptable in the GroupWise client and can even 
be combined in the same message text. 


As an administrator, the only limitation you need to be aware of is that double-byte Asian and 
Middle Eastern characters should not be used in directory names and filenames within your 

Group Wise system. This limitation is based on operating system capabilities. You should also not 
use double-byte characters in passwords. You are free to use double-byte characters in GroupWise 
usernames, domain names, post offices names, and so on. 
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7.4 Multi-Language Workstations 


If GroupWise users receive messages in multiple languages, their workstations need to be 
configured to handle the character sets used by these languages. 


On Windows XP: 


1 From the Control Panel, double-click Regional and Language Options, then click Languages. 


2 Ifyou receive messages in Arabic, Hebrew, or other complex languages, select /nstall Files for 
Complex Script and Right-to-Left Languages. 


3 If you receive messages in Chinese, Japanese, or other similar languages, select /nstall Files for 
East Asian Languages. 


4 Click OK to install the required language files. 
On Windows 2000: 


1 From the Control Panel, double-click Regional Options. 


2 Select the languages you want to use on the workstation, then click OK to install the required 
language files. 


On Linux and Macintosh workstations, if users see the correct characters at the operating system and 
desktop levels, they see the correct characters in Group Wise as well. 
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Domains 


+ Chapter 8, “Creating a New Domain,” on page 111 
+ Chapter 9, “Managing Domains,” on page 127 
¢ Chapter 10, “Managing the Links between Domains and Post Offices,” on page 137 
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Creating a New Domain 


As your GroupWise® system grows, you might need to add new domains. 


+ Section 8.1, “Understanding the Purpose of Domains,” on page 111 
¢ Section 8.2, “Planning a New Domain,” on page 112 

+ Section 8.3, “Setting Up the New Domain,” on page 122 

+ Section 8.4, “What's Next,” on page 124 

¢ Section 8.5, “Domain Worksheet,” on page 125 





IMPORTANT: If you are creating a new domain in a clustered GroupWise system, see the 
GroupWise 7 Interoperability Guide before you create the domain: 





8.1 Understanding the Purpose of Domains 


The domain functions as the main administrative unit for your GroupWise system. Each Group Wise 
system has one primary domain, which was created when you first installed GroupWise. All other 
domains that you add are secondary domains. 


The domain serves as a logical grouping of one or more post offices and is used for addressing and 
routing messages. Each GroupWise user has a GroupWise address that consists of a user ID, the 
user’s post office name, the GroupWise domain name, and, optionally, an Internet domain name. 


The following diagram illustrates the logical organization of a GroupWise system with multiple 
domains and post offices. All of the objects under the domain belong to that domain. All of the 
objects under a post office belong to that post office. 


Figure 8-1 Logical Organization of a GroupWise System with Multiple Domains and Post Offices 


GroupWise 
System 
Primary Secondary 
Domain Domain 
Message Message 
O—# Transfer O—# Transfer 
Agent Agent 
GR orn hee À GR or. ee À 
GR irice office À Q Ge office À 
2? 
Office 
Agent 


3344328 888 888 


GroupWise Users GroupWise Users GroupWise Users GroupWise Users 


Messages are moved from user to user through your GroupWise system by the GroupWise agents. 
As illustrated above, each domain must have a Message Transfer Agent (MTA) running for it. The 
MTA transfers messages between domains and between post offices in the same domain. Each post 
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office must have at least one Post Office Agent (POA) running for it. The POA delivers messages to 
users’ mailboxes and performs a variety of post office and mailbox maintenance activities. 


When you add a new domain to your Group Wise system, links define how messages are routed from 
one domain to another. When you add the first secondary domain, the links between the primary and 
secondary domains are very simple. As the number of domains grows, the links among them can 
become quite complex. Links are discussed in detail in Chapter 10, “Managing the Links between 
Domains and Post Offices,” on page 137. 


Physically, a domain consists of a set of directories that house all the information stored in the 
domain. To view the structure of a domain directory, see “Domain Directory” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. The domain directory does not contain 
mailboxes or messages, but it does contain other vital information. For an overview, see 

Section 40.3, “Information Stored in the Domain,” on page 606. Domain directories can be located 
on NetWare®, Linux, and Windows servers. 


8.2 Planning a New Domain 


After you have your basic GroupWise system up and running, you might need to expand it by 
adding one or more domains. The GroupWise architecture lets you create a simple, single domain 
system, or a complex system that links dozens of domains across a campus, a city, or around the 
world. 


This section provides the information you need in order to decide when, where, and how to set up a 
new domain. The “Domain Worksheet” on page 125 lists all the information you need. You should 
print the worksheet and fill it out as you complete the tasks listed below. 

+ Section 8.2.1, “Determining When to Add a New Domain,” on page 112 

+ Section 8.2.2, “Deciding Who Will Administer the New Domain,” on page 113 

¢ Section 8.2.3, “Planning Post Offices in the New Domain,” on page 114 

+ Section 8.2.4, “Determining the Context for the Domain Object,” on page 114 

+ Section 8.2.5, “Choosing the Domain Name,” on page 116 

¢ Section 8.2.6, “Deciding Where to Create the Domain Directory,” on page 117 

¢ Section 8.2.7, “Deciding Where to Install the Agent Software,” on page 118 

¢ Section 8.2.8, “Deciding How to Link the New Domain,” on page 121 

+ Section 8.2.9, “Selecting the Domain Language,” on page 121 

¢ Section 8.2.10, “Selecting the Domain Time Zone,” on page 121 


After you have completed the tasks and filled out the “Domain Worksheet” on page 125, you are 
ready to continue with Section 8.3, “Setting Up the New Domain,” on page 122. 


8.2.1 Determining When to Add a New Domain 


How do you know when you should add a domain? The answer to this depends on your 
administration policies and on physical and logical network organization. 
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Although a single domain can contain as many post offices and users as you want to add, there are 
some conditions that indicate the need for a new domain: 


+ Administrative Convenience: To spread out the administrative workload, you can create one 
or more new domains with their own administrators. Each new domain can be managed by a 
different administrator as long as each administrator has sufficient rights to connect to it and 
write to the domain database. 


+ Remote Sites: If communication between servers is slow, or if you have remote sites, you can 
add a new domain to minimize mail traffic between the servers. For example, if you have 
locations in three separate cities, you might have an organization that represents each location. 
You could then create a domain in each organization. You could administer all of the domains 
from one location or you could assign a different administrator for each one. 


+ Demand on the MTA: Each domain has its own MTA that routes messages between post 
offices within its domain. If your current domain has many post offices that are placing a heavy 
workload on the MTA, you might want to create another domain to handle additional post 
offices. 


+ Multiple eDirectory Trees: All of the objects that are logically subordinate to a GroupWise 
domain must be in the same Novell® eDirectory™ tree as the domain. If you have users in other 
eDirectory trees that need GroupWise accounts, you must create secondary domains and post 
offices in each tree. 


8.2.2 Deciding Who Will Administer the New Domain 


Any user who is an Admin equivalent can administer GroupWise. We recommend that whoever 
creates the new domain should be an Admin equivalent so that he or she has the necessary rights to 
create objects and directories. You can then assign a different user as a domain administrator and 
limit rights to other objects if necessary. For more information, see Chapter 75, “GroupWise 
Administrator Rights,” on page 1139. 


Depending upon the size, complexity, and layout of your eDirectory tree, you might choose a 
centralized administration model with one person administering both eDirectory and GroupWise, or 
you might choose a distributed administration model with the administration workload shared by 
two or more individuals. With a distributed administration model, each administrator obtains rights 
to the GroupWise objects and directory structures over which he or she has jurisdiction. If you want 
to restrict access to some network operations or to certain domains, you can limit access rights to 
domains the user should not administer. 


The user assigned as the administrator must be able to create or modify objects in the domain and 
will receive an e-mail message whenever an agent encounters a problem. You can designate 
yourself, one or more other users, or a distribution list as an administrator. 


WORKSHEET 


Under Item 10: Domain Administrator, enter the ID of the user or distribution list that will administer this 
domain. 


The items in the worksheet are listed in the order you will enter them when setting up your domain. 
This planning section does not follow the same order as the worksheet, but all worksheet items are 
covered. 
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8.2.3 Planning Post Offices in the New Domain 


Before adding the new domain, you should plan the post offices that you want to belong to the 
domain. You should consider the following issues when planning post offices. 


¢ Physical Organization: If your network spans several sites, you might want to create post 
offices (if not domains) at each physical location. This reduces the demands on long-distance 
network links. 


¢ Logical Organization: Grouping users who frequently send messages to each other is faster 
and generates less network traffic than if messages travel between different post offices and 
domains. 


+ Number of Users: A typical post office can serve from 1000 to 2500 users, depending on its 
configuration. Larger post offices are possible, but grouping similar users might be preferable. 


+ Demand on the POA: Each post office has at least one POA that delivers messages to user 
mailboxes and performs other post office maintenance tasks. It is possible to run multiple 
POAs, located on different servers, for the same post office, or you might prefer to create 
multiple post offices. 


For more details, see Section 11.2, “Planning a New Post Office,” on page 156. 


8.2.4 Determining the Context for the Domain Object 


When deciding where to place the new Domain object in the eDirectory tree, you should consider 
how you can most easily administer GroupWise and how the domain and its associated post offices 
fit into the logical organization of your eDirectory tree. 


Domains and their associated objects, including Post Offices, Users, Resources, and Distribution 
Lists, must be located in the same eDirectory tree. If you have multiple trees, you must create a 
separate domain in each tree. The domains can all belong to the same GroupWise system, even 
though they are located in different trees. 


You can place the domain in any Organization or Organizational Unit container in any context in an 
eDirectory tree. The following sections provide some examples of how domains can be placed in the 
eDirectory tree: 

+ “GroupWise Objects Reflect Physical Locations” on page 115 

+ “GroupWise Objects Reflect Company Organization” on page 115 

+ “GroupWise Objects Are Grouped with Servers” on page 115 

+ “GroupWise Objects Are Located in a Separate GroupWise Container” on page 116 


WORKSHEET 


Under Item 1: Tree Name, specify the name of the eDirectory tree where you plan to create the new 
domain. 


Under Item 2: eDirectory Container, specify the name of the eDirectory container where you plan to 
create the new domain. 
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GroupWise Objects Reflect Physical Locations 


The Group Wise system below focuses on the physical layout of the company. Because most mail 
traffic is probably generated by users in the same location, the mail traffic across the WAN is 
minimized. An organizational unit is created for each site. A domain is created under each 
organizational unit, corresponding to the city. The sites can be administered centrally or at each site. 
Administrator rights can be assigned at the domain level. 


Figure 8-2 A GroupWise System Following the Company s Physical Organization 
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GroupWise Objects Reflect Company Organization 


The following Group Wise system focuses on departmental organization, as does the eDirectory tree. 
Group Wise domains and post offices parallel eDirectory organizational units, placing the domains 
and post offices within the organizational units containing the users that belong to them. 


Figure 8-3 A GroupWise System Following the Company s Departmental Organization 
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GroupWise Objects Are Grouped with Servers 


Because domains and post offices have directory structures on network servers, you could also 
choose to place the Domain and Post Office objects in the same context as the servers where the 
directories reside, as shown in the following example. 
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Figure 8-4 A GroupWise System with the Domains And Post Offices Grouped with the Servers 
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GroupWise Objects Are Located in a Separate GroupWise Container 


Domains and post offices can also be created in their own organizational unit. Administratively, this 
approach makes it easier to restrict a GroupWise administrator’s object and property rights to 
GroupWise objects only. For information about GroupWise Administrator rights, see Section 8.2.2, 
“Deciding Who Will Administer the New Domain,” on page 113. 


Figure 8-5 Groupwise Objects Located in Their Own Organizational Unit 
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8.2.5 Choosing the Domain Name 


The domain reguires a unigue name. The name is used as the Domain object*s name in eDirectory. It 
is also used for addressing and routing purposes within Group Wise, and might appear in the 
Group Wise Address Book. 


The domain name can reflect a location, company name or branch name, or some other element that 
makes sense for your organization. For example, you might want the domain name to be the location 
(for example, Provo) while the post office name is one of the company’s departments (for example, 
Research). Name the new domain carefully. After it is created, the name cannot be changed. 


The domain name should consist of a single string. Use underscores ( ) rather than spaces as 
separators between words to facilitate addressing across the Internet. Do not use any of the 
following invalid characters in the domain name: 


ASCII characters 0-13 Comma , 


Asterisk * Double quote “ 
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At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 


Braces { } Parentheses ( ) 
Colon : Period . 
WORKSHEET 


Under Item 3: Domain Name, specify the domain name. 


Under Item 8: Domain Description, provide a description for the new domain. 


8.2.6 Deciding Where to Create the Domain Directory 


Logically, the Domain object resides in eDirectory and is administered through ConsoleOne®. 
Physically, the domain has a directory structure for databases, message queues, and other files. The 
domain directory structure can be created on any of the supported platforms listed in “Group Wise 
Administration Requirements” in the GroupWise 7 Installation Guide. It can also be located on any 
platform that an MTA running on a supported platform can access successfully. The server where 
you create the domain directory structure can be in the same tree as the Domain object or in another 
tree. 


Many different configurations are possible. When deciding where to create the domain directory, 
you should consider the following. 


+ Domain Directory Space Requirements: The domain directory requires less than 10 MB of 
free disk space. However, this requirement could increase as your system grows. 


+ Network Access by the MTA: If the MTA is not installed on the same server with the domain 
directory, the MTA must have direct network access to the domain directory so that it can write 
to the domain database (wpdomain.db) and, depending on link configuration, to the post office 
directories so that it can write to the POA input queues. This issue is discussed in detail in 
Section 8.2.7, “Deciding Where to Install the Agent Software,” on page 118. 


+ Security from User Access: Users never need access to the domain directory so you should 
create it in a location you can easily secure; otherwise, you could have files inadvertently 
moved or deleted. 


Choose an empty directory for the new domain. If you want, the directory can reflect the name of the 
domain, for example, res_dev for the Research and Development domain. Use the following 
platform-specific conventions: 


NetWare: Use a maximum of 8 characters 
Linux: Use only lowercase characters 


Windows: No limitations. 


Choose the name and path carefully. After the domain directory is created, it is difficult to rename it. 
If the directory you specify does not exist, it is created when you create the domain. Do not create 
the domain directory under another domain or post office directory. 
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WORKSHEET 


Under Item 4: Domain Database Location, enter the full path for the domain directory. 


Under Item 9: Network Type, enter the type of network in use at that location. 


8.2.7 Deciding Where to Install the Agent Software 


You must run a new instance of the MTA for each new domain. To review the functions of the MTA 
for the domain, see Section 40.4, “Role of the Message Transfer Agent,” on page 608. For complete 
installation instructions and system requirements, see “Installing GroupWise Agents” in the 
GroupWise 7 Installation Guide. 


When planning the installation of the MTA, you need to consider how the new domain links to 
existing domains and how the new domain will link to its post offices. For an overview of link 
configuration, see Chapter 10, “Managing the Links between Domains and Post Offices,” on 
page 137. 


The MTA requires direct network access to the domain directory so that it can write to the domain 
database (wodomain . db) and, depending on the link configuration, to each post office directory so 
that it can write to the POA input queues. Consider the following alternatives when selecting a 
location for the MTA relative to the domain and its post offices: 


+ “MTA Access to the New Domain: Local vs. Remote” on page 118 
+ “MTA Access to New Post Offices: Mapped and UNC Links vs. TCP/IP Links” on page 119 


+ “Cross-Platform Access Issues” on page 120 


WORKSHEET 


Under Item 11: Agent Location, indicate whether you plan to run the MTA on the same server where the 
domain directory is located (recommended), or on a different server. 


Under Item 12: Agent Platform, enter the platform of the server where the MTA will run (NetWare, Linux, 
or Windows). 
MTA Access to the New Domain: Local vs. Remote 


Running the MTA locally on the same server where the domain and post offices reside simplifies 
network connections (no login is required), reduces network traffic, and protects database integrity. 
In the following diagram, the agent software is installed on the same server where the domain and 
post office reside. 


Figure 8-6 Agent Software on the Same Server with the Domain and Post Office 


POA MTA 2 POA MTA 2 
CC Acct-Dom C2 Dev-Dom 
Acct-PO1 Dev-PO1 
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Running the MTA on a remote server allows you to place the heaviest processing load on your 
highest performing server. In the following diagram, the agent software is installed on a different 
server from where the domains and post offices reside. 


Figure 8-7 Agent Software on a Different Server than the Domain and Post Office 
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When you run the MTA on a different server from where its directory structures and databases are 
located, you need to provide adequate access. 


NetWare: If the NetWare MTA needs direct network access to another NetWare server, you must 
add the /dn switch or the /user and /password switches to the MTA startup file to provide 
authentication information. 


Linux: If the Linux MTA needs direct network access to another Linux server, you must mount the 
file system where the domain is located before you start the Linux MTA. 


Windows: If the Windows MTA needs direct network access to another Windows server, you must 
map a drive to the other server before you start the Windows MTA. 


MTA Access to New Post Offices: Mapped and UNC Links vs. TCP/IP Links 


If the new domain will include multiple post offices, the post offices will probably reside on 
different servers from where the domain is located. If you plan to use mapped or UNC links between 
the domain and its post offices, the MTA requires the same access to the post office directories as it 
requires to the domain directory. 


Figure 8-8 MTA Access Using Mapped or UNC Links 
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NetWare: If the NetWare MTA needs access to a post office on another NetWare server, you must 
add the /dn switch or the /user and /password switches to the MTA startup file to provide 
authentication information. 


Linux: N/A. The Linux MTA requires TCP/IP links to the POA. 
Windows: If the Windows MTA needs access to a post office on another Windows server, you must 


map a drive to the other server before you start the Windows MTA. 


To avoid these direct network access requirements between the MTA and its post offices, you can 
use TCP/IP links between the domain and its post offices. 
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Figure 8-9 MTA Access Using TCP/IP Links 
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When using TCP/IP links, the MTA does not write message files into message queues in the post 
office directory structure. Instead, the MTA communicates the information to the POA by way of 
TCP/IP and then the POA uses its direct network access to write the information. 


Cross-Platform Access Issues 


In most cases, it is most efficient if you match the MTA platform with the network operating system 
where the domain resides. For example, if you create a new domain on a NetWare server, use the 
NetWare MTA. 


If you decide not to run the MTA on the same platform as the domain, the MTA must still have 
direct network access to the domain directory so that it can write to the domain database 
(wodomain. db). For example, you could set up the new domain on a NetWare server and run the 
Windows MTA on a Windows server to service it. 


Figure 8-10 A Domain on a NetWare Server and the MTA on a Windows Server 
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However, the NetWare MTA could not service a domain located on a Windows server because 
Windows does not support the reguired cross-platform connection. 


If you are using mapped or UNC links to post offices, the MTA must also have direct network access 
to the post office directories so that it can write messages files into the post office message queues. 

You could, for example, run the agents on an Windows server while domains and post offices were 

located on NetWare servers. 


Figure 8-11 Agents on a Windows Server and Domains and Post Offices on a NetWare Server 
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Again, the opposite combination of NetWare agents servicing domains and post offices on Windows 
servers is not an option because Windows does not support the required cross-platform connection. 


To avoid these cross-platform access issues, use TCP/IP links between a domain and its post offices. 
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For more detailed information, see Section 40.7, “Cross-Platform Issues between Domains and Post 
Offices,” on page 609. 


8.2.8 Deciding How to Link the New Domain 


Domain links tell the MTAs how to route messages between domains. Properly configured links 
optimize message flow throughout your GroupWise system. For a review of link types, see 
Section 10.1.1, “Domain-to-Domain Links,” on page 137. 


When you create the new domain, you link it to one existing domain. By default, this link is a direct 
link using TCP/IP as the link protocol, which means the new domain’s MTA communicates with the 
existing domain’s MTA through TCP/IP. If desired, you can configure the direct link to use a UNC 
path as the link protocol, which means the new domain’s MTA transfers information to and from the 
existing domain by accessing the existing domain’s directory. 


WORKSHEET 


Under Item 7: Link to Domain, specify the existing domain that you want to link the new domain to, then 
specify the link protocol (TCP/IP or UNC path). 


After you create the new domain, you can configure links to additional domains as needed. See 
Section 10.2, “Using the Link Configuration Tool,” on page 143. 


8.2.9 Selecting the Domain Language 


The domain language determines the default sort order for items in the GroupWise Address Book 
for users in post offices that belong to the domain. For more information, see Section 11.2.8, 
“Selecting the Post Office Language,” on page 165. 


WORKSHEET 


Under Item 5: Domain Language, specify the domain language. 


8.2.10 Selecting the Domain Time Zone 


When a message is sent from a user in one time zone to a user in another time zone, GroupWise 
adjusts the message’s time so that it is correct for the recipient’s time zone. For example, if a user in 
New York (GMT -05:00, Eastern Time) schedules a user in Los Angeles (GMT -08:00, Pacific 
Time) for a conference call at 4:00 p.m. Eastern Time, the appointment is scheduled in the Los 
Angeles user’s calendar at 1:00 p.m. Pacific Time. 


The domain time zone becomes the default time zone for each post office in the domain. 


WORKSHEET 


Under Item 6: Domain Time Zone, enter the time zone. 
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8.3 Setting Up the New Domain 


You should have already reviewed Section 8.2, “Planning a New Domain,” on page 112 and filled 


out Section 8.5, “Domain Worksheet,” on page 125. Complete the following tasks to create the new 
domain. 


+ Section 8.3.1, “Creating the New Domain,” on page 122 
+ Section 8.3.2, “Configuring the MTA for the New Domain,” on page 123 
+ Section 8.3.3, “Installing and Starting the New MTA,” on page 124 


8.3.1 Creating the New Domain 


1 Make sure you are logged in to the tree where you want to create the domain (worksheet item 


1). 


Click Tools > GroupWise Utilities > Check eDirectory Schema to make sure that the tree’s 
schema has been extended to accommodate GroupWise objects. 


2 


In ConsoleOne®, browse to and right-click the eDirectory container where you want to create 
the domain (worksheet item 2), then click New > Object. 


New Object 


Create object in: 
æ CORP. TREE/GroupWise 


Class: 





SO GroupWise Distribution List 
t GroupWWise Domain 

[a GroupWise External Entity 
M GroupWise Library 

Ch GroupVVise Post Office 

@ GroupWise Resource 

ER httpServer 

ID :. a 





4 Double-click GroupWise Domain, then fill in the fields in the Create GroupWise Domain 
dialog box (worksheet items 3 through 7). 


Create GroupWise Domain 


Domain name: 





Domain Database Location: 





Language: 
English - US 





Time Zone: 





(GMT-05:00) Eastern Time (US 8 Canada) 


Message Transter Agent Platform: 
NetWare 





Link To Domain: 











Provo1 


IV Configure link 


[7 Define additional properties 


IT Create another domain 





5 Make sure the Configure Links and Define Additional Properties options are selected, then 
click OK to display the Link Configuration Wizard. 
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Link Configuration Wizard 


MTA Link 


The Message Transfer Agent (MTA) can link to the other domain through 
a TCPAP connection to the other domain's MTA or a direct connection to 
the other domain's directory. 


Novell. 


How do you want the MTA to link to the other domain? 
© Direct link 


© TCPAP link 














Cancel He | 





6 Follow the on-screen instructions to define how the new domain links to the existing domain 
(listed in the Link to Domain field). When you’ ve finished defining the link, ConsoleOne 
creates the Domain object and displays the domain Identification page. 


Properties of Provo1 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Identification 


Domain: Provot 





Description: 





UNC Path: | WED-Nisysigweystem 





Language: [Engish -US 


Domain Type: Primary 





Time Zone: |comr-o7:00) Mountain Time (US & Canada) 


Database Version: i 





Network Type: [Noven NetWare 





Administrator: [ 


Page Options... | Cancel | 








7 Fillin the fields that have not been filled in for you (worksheet items 8 through 10). 


8 Click OK to save the domain information. 


8.3.2 Configuring the MTA for the New Domain 


Although there are many MTA settings, the default settings are sufficient to get your domain 
operational. However, there are a few important settings that you can conveniently modify before 
you install the agent software. 


1 In ConsoleOne, double-click the new Domain object. 
2 Right-click the MTA object, then click Properties to display the MTA Identification page. 
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Properties of MTA 
DS Rights + | Other | Rights to Files and Folders | 


Domain: Provo3 
Distinguished Name: MTA.Prov03.GroupWise 
Name: MTA 


Agent Type: Message Transfer 





Description: ie Message Transfer Agent 








Platform: [Linux 


Page Options... Cancel 








3 Specify a description for the MTA. 
This description displays on the MTA agent console as the MTA runs. 
4 Select the platform where the MTA will run (worksheet item 12). 


5 If you have multiple domains in your system and want to use TCP/IP to link to the other 
domains (worksheet item 7), follow the instructions in Section , “Using TCP/IP Links between 
Domains,” on page 618. 


6 If you have created the domain in a clustered environment, follow the instructions in the 
appropriate section of the GroupWise 7 Interoperability Guide. 


7 To ensure that user information in the new domain stays synchronized with user information in 
eDirectory, follow the instructions in Section 41.4.1, “Using eDirectory User 
Synchronization,” on page 638. 


8 For more MTA configuration options, see Section 9.6, “Changing MTA Configuration to Meet 
Domain Needs,” on page 135. 


9 Click OK to save the MTA configuration information. 


8.3.3 Installing and Starting the New MTA 


To install the MTA for the new domain to the location recorded under worksheet item 11, follow the 
instructions in “Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


Continue with What’s Next. 


8.4 What’s Next 


After you have added the new domain and started its MTA, you are ready to continue to expand and 
enhance your GroupWise system by: 


¢ Configuring the Address Book for the new domain. See “GroupWise Address Book” on 
page 85 


+ Adding post offices to the new domain. See “Post Offices” on page 153. 
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¢ Configuring the MTA for optimal performance. See “Message Transfer Agent” on page 603. 


+ Setting up GroupWise Monitor to monitor the GroupWise agents. See “Monitor” on page 963. 


+ Connecting domains and GroupWise systems across the Internet using the GroupWise Internet 
Agent. See “Internet Agent” on page 701. 


+ Connecting domains and GroupWise systems using gateways. For a list of gateways, see the 
Group Wise Gateways Documentation Web site (http://www.novell.com/documentation/ 


gwgateways). 


8.5 Domain Worksheet 


Use this worksheet as you complete the tasks described in Section 8.2, “Planning a New Domain,” 


on page 112. 


Item 


1) Tree Name: 


2) eDirectory Container: 


3) Domain Name: 


4) Domain Database 
Location: 


5) Domain Language: 


6) Domain Time Zone: 


7) Link to Domain: 


Link Protocol: 


+ UNC path 


+ TCP/IP 
Address: 
Port: 


Explanation 


Specify the name of the eDirectory tree where you want to create the 
secondary domain. 


For more information, see Section 8.2.4, “Determining the Context for the 
Domain Object,” on page 114. 


Specify the name of the eDirectory container where you want to create the 
new domain. 


For more information, see Section 8.2.4, “Determining the Context for the 
Domain Object,” on page 114. 


Specify a name for the new domain. Choose the name carefully. After the 
domain is created, it cannot be renamed. 


For more information, see Section 8.2.5, “Choosing the Domain Name,” on 
page 116. 


Specify the path for the domain directory. Choose the domain directory 
carefully. After it is created, it is difficult to rename. 


For more information, see Section 8.2.6, “Deciding Where to Create the 
Domain Directory,” on page 117. 


Specify a default language for the domain. 


For more information, see Section 8.2.9, “Selecting the Domain Language,” 
on page 121. 


Specify the time zone where the domain is located. 


For more information, see Section 8.2.10, “Selecting the Domain Time 
Zone,” on page 121. 


Specify the existing domain that you want to link the new domain to, then 
specify the link protocol. If you select TCP/IP, enter the IP address or 
hostname of the server where the MTA will run and the port number that the 
MTA will listen on. 


For more information, see Section 8.2.8, “Deciding How to Link the New 
Domain,” on page 121. 
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Item 


8) Domain Description: 


9) Network Type: 


10) Domain Administrator: 


11) Agent Location: 


+ MTA on the same 
server as the domain 
(local) 


+ MTA on a different 
server from the 
domain (remote) 


12) Agent Platform: 
+ NetWare MTA 


* Linux MTA 
+ Windows MTA 


Explanation 


Enter a description for the domain to help you identify its function in the 
system. 


Specify the network type in use on the server where this domain will be 
located. 


For more information, see Section 8.2.6, “Deciding Where to Create the 
Domain Directory,” on page 117. 


Enter the ID ofthe user or distribution list that will administer this domain. 


For more information, see Section 8.2.2, “Deciding Who Will Administer the 
New Domain,” on page 113. 


Mark the location of the MTA relative to the domain. 


For more information, see Section 8.2.7, “Deciding Where to Install the 
Agent Software,” on page 118. 


Specify the platform on which you plan to run the MTA. 


For more information, see Section 8.2.7, “Deciding Where to Install the 
Agent Software,” on page 118. 
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Managing Domains 


As your Group Wise” system grows and evolves, you might need to perform the following 
maintenance activities on domains: 


+ Section 9.1, “Connecting to a Domain,” on page 127 

+ Section 9.2, “Editing Domain Properties,” on page 127 

+ Section 9.3, “Converting a Secondary Domain to a Primary Domain,” on page 131 
+ Section 9.4, “Moving a Domain,” on page 132 

¢ Section 9.5, “Deleting a Domain,” on page 133 


+ Section 9.6, “Changing MTA Configuration to Meet Domain Needs,” on page 135 


See also Chapter 26, “Maintaining Domain and Post Office Databases,” on page 377. 


9.1 Connecting to a Domain 


Whenever you change domain information, it is most efficient to connect directly to the domain 
before you begin making modifications. 


To change your domain connection: 


1 InConsoleOne® in the Console View, click Tools > GroupWise System Operations, click Select 
Domain, browse to and select the domain directory, then click OK. 


or 
In the GroupWise View, right-click the Domain object, then click Connect. 


The Group Wise view identifies the domain to which you are connected by adding a plug 
symbol to the domain icon. 


GroupWise System 
E- Provot 
QA Manufacturing 


Qa RED 


i} Provo2 
QA Accounting 


QÀ Sales 





The domain marked with the red underscore is the primary domain. 


For cross-platform considerations, see Section 4.1, “Select Domain,” on page 51. 


9.2 Editing Domain Properties 


After creating a domain, you can change some domain properties. Other domain properties cannot 
be changed. 


1 In ConsoleOne, browse to and right-click a Domain object, then click Properties to display the 
domain Identification page. 
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Properties of Provoi 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Identification 


Domain: 


Description: 


UNC Path: 
Language: 

Domain Type: 
Time Zone: 
Database Version: 


Network Type: 


Administrator: 


Page Options... 











[wED-Nvvisysigwsystem a 
Fngish 0 | 
Primary 

(GMT-07:00) Mountain Time (US 8 Canada) 


i 





[Noven NetWare: z] 


a | 


2 Change editable fields as needed. For information about individual fields, see Section 8.2, 
“Planning a New Domain,” on page 112 or use online help when editing the domain 


information. 


3 Click GroupWise > Post Offices to display the Post Offices page. 


Properties of Provo2 


i] NDS Rights v | Other | Rights to Files and Folders | 





(Support. GroupWise 





GroupWise Post Offices: 





All post offices in the domain are listed, no matter where their Novell® eDirectory™ objects are 


placed in the tree. This 


is a convenient place to delete post offices from the domain. 


4 Click GroupWise > Address Book to display the Address Book page. 
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Properties of Provo2 


NDS Rights v | Other | Rights to Files and Folders | 





Sort address book by: First Name, Last Name 


Address Book Fields: Available Fields: 
Given Name (required) 
Last Name (required) 


Map Additional Fields 


*Administrator-defined field 
T Do Not Display User Comments 


Page Options... 








5 Use this page to configure the Address Book to control how it appears to GroupWise client 


users in all post offices in the domain. See Section 6.1, “Customizing Address Book Fields,” on 
page 85 for more information. 


6 Click GroupWise > Addressing Rules to display the Addressing Rules page. 


Properties of Provo2 


DS Rights + | Other | Rights to Files and Folders | 


Addressing rules used by this domain: 











Page Options... 





This page lists all addressing rules that have been set up for the domain. See Section 6.8, 
“Facilitating Addressing through Group Wise Gateways,” on page 100 for more information. 


7 Click GroupWise > Internet Addressing to display the Internet Addressing page. 
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Properties of Provo2 


NDS Rights v | Other | Rights to Files and Folders | 


Preferred Address format: 


UserD@Internet domain name ~] 


Defined at: Corporate Mail 





Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 
ARE F 
Defined at: Corporate Mail 
T For incoming mail, recipients are known exclusively by this Internet domain name 


Internet Agent for outbound SMTPMIME messages: 


Defined at: Corporate Mail 





Alternate Internet Agent for outbound SMTP/MIME messages: 
<None> ft 


Page Options... 








Use this page to override any Internet addressing settings established at the system level. See 
Section 45, “Configuring Internet Addressing,” on page 703 for more information. 


8 Click GroupWise > Default WebAccess to display the Default WebAccess page. 


Properties of Provo2 


NDS Rights + | Other | Rights to Files and Folders | 


Override Default WebAccess Gateway: 


m oo 


Page Options... 








Use this page to designate the default WebAccess Agent (gateway) for the domain. See 
Part XII, “WebAccess,” on page 853 for more information. 


9 Click GroupWise > Admin Lockout Settings. 
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Properties of Provo2 


NDS Rights + | Other | Rights to Files and Folders | 


Override 
M F 
Defined at: Corporate Mail 


Minimum Snapin Release Version (x.x.x) 





Not Defined 


Minimum Snapin Release Date 











Not Defined 





Page Options... | Cancel | 





Use this page to control the version of the GroupWise Administrator snap-ins to ConsoleOne 
that is allowed to access Group Wise databases. See Section 4.2.6, “Admin Lockout Settings,” 
on page 57 for more information. 


10 Click OK to save the new domain settings. 


9.3 Converting a Secondary Domain to a Primary 
Domain 


You can change which domain is primary if it becomes more convenient to administer the primary 
domain from a different location. You can, however, have only one primary domain at a time. When 
you convert a secondary domain to primary, the old primary domain becomes a secondary domain. 


To convert a secondary domain to primary: 
1 In ConsoleOne, connect to the primary domain, as described in Section 9.1, “Connecting to a 
Domain,” on page 127. 


2 Make sure there are no pending operations for the primary domain, as described in Section 4.5, 
“Pending Operations,” on page 60. 


3 Browse to and select the secondary domain you want to convert. 


4 Click Tools > GroupWise Utilities > System Maintenance. 
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GroupWise System Maintenance 


C Validate Database 

C Recover Database 

© Rebuild Database 

© Reclaim Unused Space 


© Rebuild Indexes for Listing 


© Release Secondary 
f 
f 


Description: 
Convert to primary promotes a secondary domain to 
primary. The existing primary domain for the system 
becomes a secondary domain. 





5 Click Convert Secondary to Primary. 
6 Specify the path to the secondary domain database, then click OK. 


The GroupWise View in ConsoleOne displays the primary domain with a red underscore. 





GroupWise 
E-A Provot 
Ga Manufacturing 
Qa RED 
(3-5) Provo2 
QA Accounting 


QÀ Sales 





9.4 Moving a Domain 


You cannot use ConsoleOne to move a Domain object to a different location in the eDirectory tree 
because it is a container object. Only leaf objects can be moved. If you need to change the context, 
graft the Group Wise domain to its corresponding eDirectory object in the new container location. 
See Section 5.16, “GW / eDirectory Association,” on page 77 for more information about grafting 
objects. 


You can, however, move the domain directory and the domain database (wpdomain.db) by copying 
the domain directory structure and all its contents to the new location. 





IMPORTANT: Follow these instructions if you want to move a domain on a NetWare® or 
Windows server to another directory on the same server or to a different NetWare or Windows 
server. If you want to move a domain located on a NetWare or Windows server onto a Linux server, 
see “Manually Migrating a Domain and Its MTA to Linux” in “Update” in the GroupWise 7 
Installation Guide. 





1 Back up the domain, as described in Chapter 31, “Backing Up Group Wise Databases,” on 
page 407. 


2 In ConsoleOne, browse to and right-click the domain to move, then click Properties to display 
the domain Identification page. 
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3 Inthe UNC Path field, change the UNC path to the location where you want to move the 
domain, then click OK to save the new location. 


The location change is propagated throughout your GroupWise system. 
4 Stop the MTA and any gateways running for the domain. 


5 Use xcopy with the /s and /e options to copy the domain directory and database to the new 
location. These options re-create the same directory structure even if directories are empty. 
Example: 
xcopy domain directory /s /e destination 


6 Give rights to all objects that need to access the domain database. 


For example, if the new location is on a different server, the NetWare MTA and GroupWise 
administrators who run ConsoleOne need adequate rights to the new location, as described in 
Chapter 75, “GroupWise Administrator Rights,” on page 1139. 


7 Edit the MTA and gateway startup files to reflect the changes, then restart the MTA and 
gateways. 
See Section 41.1.7, “Adjusting the MTA for a New Location of a Domain or Post Office,” on 
page 626. 


8 When you are sure the domain is functioning properly in its new location, delete the original 
domain directory and its contents. 


If you need to move the MTA along with its domain, see Section 41.1.6, “Moving the MTA to a 
Different Server,” on page 626. 


9.5 Deleting a Domain 


You can delete a domain only when it no longer owns subordinate GroupWise objects. For example, 
you cannot delete the primary domain of your GroupWise system if it still owns secondary domains. 
You cannot delete a secondary domain if it still owns post offices. However, MTA and Gateway 
objects are automatically deleted along with the Domain object. Keep the MTA running until after 
you have deleted the domain, so that it can process the object deletion requests. 


1 In ConsoleOne, connect to the primary domain of your GroupWise system, as described in 
Section 9.1, “Connecting to a Domain,” on page 127. 


2 Browse to and right-click the Domain object you want to delete, then click Properties to 
display the domain Identification page. 
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Properties of Provo 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 
Identification 


Domain: Provot 





Description: 





UNC Path: [iJED-NWisysigwsystem a 
Language: fngish-US | 
Domain Type: Primary 

Time Zone: (GMT-07:00) Mountain Time (US & Canada) 


Database Version: T 





Network Type: [Noven NetWare 





Administrator: (E 


Page Options... 








3 Verify that the current directory path displayed on the domain Identification page is correct. 


4 Click Post Offices, then move or delete any post offices that belong to this domain. See 
Section 12.8, “Moving a Post Office,” on page 196 and Section 12.9, “Deleting a Post Office,” 
on page 197. 





GroupWise Post Offices: 


(Support. GroupWise 


Page Options... 








5 Right-click the Domain object, then click Delete to delete the Domain object from eDirectory. 
6 When prompted, click Yes to delete the corresponding domain directory structure. 


7 Stop the MTA for the domain, as described in the following sections in the GroupWise 7 
Installation Guide: 


+ “Stopping the NetWare Group Wise Agents” 
+ “Stopping the Linux GroupWise Agents” 
+ “Stopping the Windows GroupWise Agents” 
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8 Uninstall the MTA software if applicable, as described in the following sections in the 
Group Wise 7 Installation Guide: 


+ “Uninstalling the NetWare GroupWise Agents” 
+ “Uninstalling the Linux GroupWise Agents” 
+ “Uninstalling the Windows GroupWise Agents” 


9.6 Changing MTA Configuration to Meet Domain 
Needs 


Because the MTA transfers messages between domains and between post offices in the same 
domain, it affects the domain itself, local users in post offices belonging to the domain, and users 
who exchanges messages with local users in the domain. Proper MTA configuration is essential for 
a smoothly running GroupWise system. Complete details about the MTA are provided in “Message 
Transfer Agent” on page 603. As you create and manage domains, you should keep in mind the 
following aspects of MTA configuration: 

+ “Securing the Domain with SSL Connections to the MTA” on page 629 

+ “Restricting Message Size between Domains” on page 628 

+ “Scheduling Direct Domain Links” on page 633 


+ “Optimizing TCP/IP Links” on page 675 
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Managing the Links between 
Domains and Post Offices 


When you create a new secondary domain in your GroupWise® system or a new post office in a 
domain, you configure one direct link to connect the new domain or post office to a domain in your 
Group Wise system. For simple configurations, this initial link might be adequate. For more complex 
configurations, you must modify link types and protocols to achieve optimum message flow 
throughout your GroupWise system. 


The following topics help you manage links between domains and post offices: 


+ Section 10.1, “Understanding Link Configuration,” on page 137 
+ Section 10.2, “Using the Link Configuration Tool,” on page 143 
+ Section 10.3, “Interpreting Link Symbols,” on page 150 

+ Section 10.4, “Modifying Links,” on page 151 


10.1 Understanding Link Configuration 


In GroupWise, a link is defined as the information required to route messages between domains, 
post offices, and gateways in a GroupWise system. Initial links are created when domains, post 
offices, and gateways are created. The following topics help you understand link configuration: 

+ Section 10.1.1, “Domain-to-Domain Links,” on page 137 

+ Section 10.1.2, “Domain-to-Post Office Links,” on page 140 

+ Section 10.1.3, “Link Protocols for Direct Links,” on page 141 


10.1.1 Domain-to-Domain Links 


The primary role of the MTA is to route messages from one domain to another. Domain links tell the 
MTA how to route messages between domains. Domain links are stored in the domain database 
(wodomain. db). There are three types of links between source and destination domains: 

+ “Direct Links” on page 137 

+ “Indirect Links” on page 138 

+ “Gateway Links” on page 140 
As an alternative to configuring individual links between individual domains throughout your 


GroupWise system, you can establish a system of one or more routing domains. See Section 41.3.1, 
“Using Routing Domains,” on page 631. 


Direct Links 


In a direct link between domains, the source domain’s MTA communicates directly with the 
destination domain’s MTA. If it is using a TCP/IP link, the source domain MTA communicates 
messages to the destination domain MTA by way of TCP/IP, which does not require disk access by 
the source MTA in the destination domain. If it is using a mapped or UNC link, the source domain 


Managing the Links between Domains and Post Offices 137 


MTA writes message files into the destination domain MTA input queue, which does require disk 
access by the source MTA in the destination domain. For additional details about the configuration 
options for direct links, see Section 10.1.3, “Link Protocols for Direct Links,” on page 141. 


Figure 10-1 Direct Link between Domain A and Domain B 
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Direct links can be used between all domains. This is a very efficient configuration but might not be 
practical in a large system. 


Figure 10-2 Direct Links to All Domains 
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Indirect Links 


In an indirect link between domains, the source domain’s MTA routes messages through one or 
more intermediate MTAs in other domains to reach the destination domain’s MTA. In other words, 
an indirect link is a series of two or more direct links. In large systems, direct links between each 
pair of domains might be impractical, so indirect links can be common. A variety of indirect link 
configurations are possible, including: 

+ “Simple Indirect Links” on page 138 

+ “Star Configuration” on page 139 

+ “Two-Way Ring Configuration” on page 139 


+ “Combination Configuration” on page 140 
Properly configured links optimize message flow throughout your GroupWise system. 
Simple Indirect Links 


In simplest form, an indirect link can be used to pass messages between two domains that are not 
directly linked. 
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Figure 10-3 Indirectly Linking Two Domains by Going through a Third Domain 
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Star Configuration 


In a star configuration, one central domain is linked directly to all other domains in the system. All 
other domains are indirectly linked to each other through the central domain. 


Figure 10-4 Indirect Links through a Central Domain 
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If you have more than ten domains, you might want to designate the central domain as a routing 
domain. The sole function of a routing domain is to transfer messages between other domains; it has 
no post offices of its own. See Section 41.3.1, “Using Routing Domains,” on page 631. 


The major drawback of the star configuration is that the central domain is a single point of failure. 
Two-Way Ring Configuration 


In a two-way ring configuration, each domain is directly linked to the next and previous domains in 
the ring and indirectly linked to all other domains in the system. 
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Figure 10-5 Ring Configuration with Direct Links to Neighboring Domain and Indirect Links to All Other Domains 
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An advantage of the two-way ring configuration is that it has no single point of failure. A 
disadvantage is that, depending on the size of the system, a message might go through several 
domains before arriving at its destination. A two-way ring works well in a system with five domains 
or less because transferring a message never requires more than two hops. 


Combination Configuration 


These three basic link configurations can be combined in any way to meet the needs of your 
Group Wise system. 


Gateway Links 


In a gateway link between domains, the sending domain’s MTA must route the message through a 
gateway to reach its destination. Gateways can be used to: 


+ Link domains within your GroupWise system. See “Using Gateway Links between Domains” 
on page 622. 


+ Link your GroupWise system to another GroupWise system through an external domain. See 
“Using Direct Links” in “Connecting to Group Wise 5.x, 6.x, and 7.x Systems” in the 
GroupWise 7 Multi-System Administration Guide 


+ Link your GroupWise system to a different e-mail system through a non-Group Wise domain. 
See “Connecting to Non-GroupWise Messaging Systems” in the GroupWise 7 Multi-System 
Administration Guide. 


For more information, see the GroupWise Gateways Documentation Web site (http:// 
www.novell.com/documentation/gwgateways). 


You cannot locate a post office across a gateway link from its domain. This precludes locating a post 
office across a modem connection. 


10.1.2 Domain-to-Post Office Links 


Between a domain and its post offices, all links must be direct links. There are no alternative link 
types between a domain and its post offices. 
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10.1.3 Link Protocols for Direct Links 


The link protocol of a direct link between domains determines how the MTAs for the domains 
communicate with each other across the link. When you create a new domain, you must link it to an 
existing domain. This creates the initial domain-to-domain link. 


Between a domain and a post office, the link protocol determines how the MTA transfers messages 
to the post office. Messages do not flow directly from one post office to another within a domain. 
Instead, they are routed through the domain. When you create a new post office, you must specify 
which domain it belongs to. This creates the initial domain-to-post office link. 


There are three link protocols for direct links between domains and between a domain and its post 
offices: 


+ “TCP/IP Links” on page 141 
+ “Mapped Links” on page 141 
+ “UNC Links” on page 142 


NOTE: On Linux, TCP/IP links are required. 





TCP/IP Links 


+ “Domain-to-Domain TCP/IP Links” on page 141 
+ “Domain-to-Post Office TCP/IP Links” on page 141 


Domain-to-Domain TCP/IP Links 


In a TCP/IP link between domains, the source MTA and the destination MTA communicate by way 
of TCP/IP rather than by writing message files into queue directories. The source MTA establishes a 
TCP/IP link with the destination MTA and transmits whatever messages need to go to that domain. 
The destination MTA receives the messages and routes them on to local post offices or to other 
domains as needed. During the process, message files are created in the gwinprog directory for 
backup purposes and are deleted when the TCP/IP communication process is completed. 


Domain-to-Post Office TCP/IP Links 


In a TCP/IP link between a domain and a post office, you must configure both the POA and the 
MTA for TCP/IP. The source MTA establishes a TCP/IP link with the destination POA and transmits 
whatever messages need to go to that post office. The destination POA receives the messages and 
delivers them into mailboxes in the post office. During this process, message files are created in the 
POA input queue for backup purposes and are deleted when delivery is completed. 


Mapped Links 


+ “Domain-to-Domain Mapped Links” on page 141 
+ “Domain-to-Post Office Mapped Links” on page 142 


Domain-to-Domain Mapped Links 


In a mapped link between domains, the location of the destination domain is specified in the 
following format: 


Managing the Links between Domains and Post Offices 


141 


drive:\domain directory 
The source MTA writes message files into its output queue at the location: 
drive:\domain directory\wpcsin 


as input for the destination domain’s MTA. Because drive mappings are changeable, you can move 
the domain directory structure, map its new location to the original drive letter, and the domain-to- 
domain link is still intact. 


Domain-to-Post Office Mapped Links 


In a mapped link between a domain and a post office, the location of the post office is specified in 
the following format: 


drive:\post office directory 
The MTA writes message files into its output queue at the location: 
drive:\post office directory\wpcsout 


as input for the post office’s POA. Because drive mappings are changeable, you can move the post 
office directory structure, map its new location to the original drive letter, and the domain-to-post 
office link is still intact. 


UNC Links 

+ “Domain-to-Domain UNC Links” on page 142 

+ “Domain-to-Post Office UNC Links” on page 142 
Domain-to-Domain UNC Links 


In a UNC link between domains, the location of the destination domain is specified in the following 
format: 


\\server\volume\ domain directory 
The source MTA writes message files into its output queue at the location: 
\\server\volume\domain directory\wpcsin 


as input for the destination domain’s MTA. Because UNC paths represent absolute locations on your 
network, if you move the domain to a new location, you need to edit the link to match. 


Domain-to-Post Office UNC Links 


In a UNC link between a domain and a post office, the location of the post office is specified in the 
following format: 


\\server\volume\post office directory 
The MTA writes message files into its output queue at the location: 
\\server\volume\post office directory\wpcsout 


as input for the post office’s POA. Because UNC paths represent absolute locations in your network, 
if you move the post office to a new location, you need to edit the link to match. 
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10.2 Using the Link Configuration Tool 


The Link Configuration tool helps you manage the links between the domains and post offices in 
your GroupWise system. The following topics help you perform basic link management tasks: 


+ Section 10.2.1, “Starting the Link Configuration Tool,” on page 143 

+ Section 10.2.2, “Editing a Domain Link,” on page 144 

+ Section 10.2.3, “Editing Multiple Domain Links,” on page 145 

+ Section 10.2.4, “Editing a Post Office Link,” on page 146 

+ Section 10.2.5, “Viewing the Path of an Indirect Link between Domains,” on page 147 


+ 


+ 


+ 


Section 10.2.6, “Viewing the Indirect Links Passing through a Domain,” on page 148 


Section 10.2.7, “Viewing the Gateway Links Passing through a Gateway,” on page 149 


Section 10.2.8, “Saving and Synchronizing Link Configuration Information,” on page 150 


10.2.1 Starting the Link Configuration Tool 


The Link Configuration tool is provided to help you change from default links to whatever link 
configuration best suits your Group Wise system. 


1 In ConsoleOne*, select the Domain object whose links you want to modify. 


2 Click Tools > GroupWise Utilities > Link Configuration to display the Link Configuration Tool 


window. 


GroupWise Link Configuration Tool - K:\gwsystem\provo1 
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The most frequently used features of the Link Configuration tool are available on the toolbar: 


Menu 
Button Equivalent Function 
E File > Open Open a different domain database (wpdomain.db) to modify 


Ph 
Pal File > Save 


links in a different domain 


Save the current link configuration information to the domain 
database 
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Menu 





Button Equivalent Function 

he) Edit > Undo Undo your changes to the link configuration (since the last 
save) 

kd Help > Help Display online Help for the Link Configuration tool 

IR] Search > Find Search for a specified domain 

= Double-click object Display details of the selected object 

ws View > Domain Links View domain links for the selected domain 

Ei View > Post Office Links View post office links for the selected domain 


3 Continue with a specific link management task: 
+ Section 10.2.2, “Editing a Domain Link,” on page 144 
¢ Section 10.2.3, “Editing Multiple Domain Links,” on page 145 
+ Section 10.2.4, “Editing a Post Office Link,” on page 146 
+ Section 10.2.5, “Viewing the Path of an Indirect Link between Domains,” on page 147 
+ Section 10.2.6, “Viewing the Indirect Links Passing through a Domain,” on page 148 
+ Section 10.2.7, “Viewing the Gateway Links Passing through a Gateway,” on page 149 


10.2.2 Editing a Domain Link 


After starting the Link Configuration tool: 


1 From the drop-down list, select the domain whose links you want to edit. 
2 Click View > Domain Links to display domain links. 


Outbound and inbound links for the selected domain are listed. 
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3 Double-click a domain in the Outbound Links list to edit the link to that domain from the 
selected domain. 


Or 
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Double-click a domain in the Inbound Links list to edit the link from that domain to the selected 
domain. 


Edit Domain Link 
Description: How Provo1 connects to Provo2 
Link Type: Direct Zi 

Settings 
Protocol: TCPAP x] 


IP Address: [ibd-win.provo. novell.com : 7100 Z Scheduling... 


Cancel 


Help 











I Override 


Maximum send message size: 0 + MBytes 





Delay message size: 0 4 MBytes 


Transfer Pull Info... | External Link Info... 











TIP: You can also open the Edit Domain Link dialog box by dragging a domain from one link 
type to another. 





4 Select the link type. 
+ “Direct Links” on page 137 
+ “Indirect Links” on page 138 
+ “Gateway Links” on page 140 
5 For a direct link, select the link protocol. 
+ “Mapped Links” on page 141 
+ “UNC Links” on page 142 
+ “TCP/IP Links” on page 141 
6 Provide the location of the domain in the format appropriate to the selected protocol. 
7 Click OK. 
8 Repeat Step | through Step 7 for whatever links you need to modify. 


As a time-saving measure, you can make a new domain’s links the same as an existing 
domain’s links. Click Edit > Default Links, then click the domain whose links you want to use 
as a pattern for the new domain. Select Outbound and/or Inbound as needed, then click OK. 


To look at the same link information from different points of view, you can start the Link 
Configuration tool multiple times to open multiple Link Configuration Tool windows. 


9 To exit the Link Configuration Tool and save your changes, click File > Exit > Yes. 


10.2.3 Editing Multiple Domain Links 


When your Group Wise system includes indirect links, it is not unusual for several domains to link to 
the same domain. As a time-saving measure, you can create links from multiple domains to the same 
domain in one operation. 


After starting the Link Configuration tool: 


1 Click Edit > Multiple Link Edits. 
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Multiple Link Edits - Outbound Links 


Domains to be linked: Indirect link through: Link to: 





Internet Internet Internet 
Provo1 Provo1 Provo1 
Provo2 Provo2 Provo2 
Provo3 Provo3 Provo3 
Provo4 Provo4 Provo4 








Select All Select All 








2 Inthe Domains to Be Linked column, select the source domains whose outgoing links you want 
to modify. 


3 In the Indirect Link Through column, select the intermediate domain through which you want 
the indirect links to pass. 


4 Inthe Link To column, select one or more destination domains. 
5 Click OK. 


6 Fill in the fields in the Edit Domain Link dialog box for each direct link between a source 
domain and the intermediate domain, as described in Section 10.2.2, “Editing a Domain Link,” 
on page 144, then click OK. 


Edit Domain Link 
Description: How Provo1 connects to Provo2 
Link Type: Direct A 

Settings 
Protocol: TCPAP x] 
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Cancel 


Help 











[I Override 
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Transfer Pull Info... | External Link Info... 








The Edit Domain Link dialog box continues to appear until you have defined all the direct links 
between the source domains and the intermediate domain. 





IMPORTANT: After defining links from the source domains to the intermediate domain, make sure 
the links from the intermediate domain to other domains are set up the way you want them. 





10.2.4 Editing a Post Office Link 


After starting the Link Configuration tool: 
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1 From the drop-down list, select the domain whose post office link you want to edit. 
2 Click View > Post Office Links to display post office links. 


KA GroupWise Link Configuration Tool - K:\gwsystem\provo1 ek) 
File Edit Search View Window Help 
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Client/Server Port: |1677 
Maximum send message size: 0 4 MBytes 





4 Select the link protocol for the direct link. 
+ “Mapped Links” on page 141 
+ “UNC Links” on page 142 
+ “TCP/IP Links” on page 141 
5 Provide the location of the post office in the format appropriate to the selected protocol. 


6 For a TCP/IP link, provide the message transfer port number where you want the POA to listen 
for incoming messages from the MTA. 


The default message transfer port for the POA is 7101. 
7 Click OK. 


8 To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


10.2.5 Viewing the Path of an Indirect Link between Domains 


The more hops between two indirectly linked domains, the longer it takes a message to travel 
between them. To make sure the number of hops between two indirectly linked domains is as small 
as possible, you can list the route a message would take from one domain to the other in 
ConsoleOne. 


After starting the Link Configuration tool: 


1 Select a domain from the drop-down list. 
2 Select a domain in the Indirect links list. 


3 Click View > Link Path to see a list of the hops between the two domains. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 
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You can also use Group Wise Monitor to trace the path a message would take between two domains. 
See Section 61.3.1, “Link Trace Report,” on page 1002. 
10.2.6 Viewing the Indirect Links Passing through a Domain 


If a domain serves as a hop in an indirect link, making changes to that domain could affect all 
indirect links passing through that domain. You can list all the indirect links that pass through a 
domain in ConsoleOne. 


After starting the Link Configuration tool: 
1 Click View > Link Hop to list all domains in your system. 


KE select GroupWise Object 








2 Double-click a domain to list the indirect links passing through it. 
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3 If you need to reroute a link, right-click the link, then click Edit to open the Edit Domain Link 
dialog box and make changes as needed. 


You can also use GroupWise Monitor to check the links passing through a selected domain. See 


Section 61.3.2, “Link Configuration Report,” on page 1003. However, you cannot change link 
information using Monitor. 


10.2.7 Viewing the Gateway Links Passing through a Gateway 


Before making changes to a gateway, you can list all the links that pass through the gateway. 
After starting the Link Configuration tool: 


1 Click View > Gateway Hop to list all gateways in your system. 


KS select GroupWise Object 
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2 Double-click a gateway to list the domains linked through that gateway. 
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3 Ifyou need to reroute a link, right-click the link, then click Edit to open the Edit Domain Link 
dialog box and make changes as needed. 


10.2.8 Saving and Synchronizing Link Configuration 
Information 

Whenever you modify link configuration information, a cautionary symbol (see Section 10.3.2, 
“Link Status Symbols,” on page 150) appears next to the modified link until you save the current 
link configuration by clicking Edit > Save. If you are making extensive changes to link 
configuration information, you should save regularly. When you save, the information is written out 
to the domain database (wodomain. db) for the domain to which you are currently connected. You 
can change to a different domain database without exiting the Link Configuration tool by clicking 
File > Open. 


The MTA routinely synchronizes the information in the domain databases throughout your 
Group Wise system. If you are making extensive changes to link configuration information, you can 
synchronize the information immediately by clicking Edit > Synchronize. 


10.3 Interpreting Link Symbols 


As you modify links, you see symbols that represent the various link types. Along with the link type 
symbols, you sometimes see link status symbols. 


+ Section 10.3.1, “Link Type Symbols,” on page 150 
¢ Section 10.3.2, “Link Status Symbols,” on page 150 


10.3.1 Link Type Symbols 
Table 10-1 Symbols for Link Types 


Link Type 


Symbol Meaning 

& Direct link 

ut | Indirect link 

% Gateway link 

> TCP/IP link to domain 

% TCP/IP link to post office 
KA Undefined link 


10.3.2 Link Status Symbols 


Link Status Meanin 
Symbol g 
1 Link modification not yet saved 
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Link Status 


Symbol Meaning 

kd Link modification not yet synchronized 
T Insufficient rights to modify link 

? 


Rights not yet checked 


10.4 Modifying Links 


In “Post Office Agent” on page 461 and “Message Transfer Agent” on page 603, detailed 
instructions for changing link types are provided as outlined below: 
Changing the Link Protocol between the Post Office and the Domain 


+ “Using TCP/IP Links between the Post Office and the Domain” on page 481 
+ “Using Mapped or UNC Links between the Post Office and the Domain” on page 483 


Changing the Link Protocol between Domains 


+ “Using TCP/IP Links between Domains” on page 618 
+ “Using Mapped or UNC Links between Domains” on page 621 
+ “Using Gateway Links between Domains” on page 622 


Customizing Link Configuration 


+ “Using Routing Domains” on page 631 
+ “Scheduling Direct Domain Links” on page 633 
+ “Using a Transfer Pull Configuration” on page 636 
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Post Offices 


+ Chapter 11, “Creating a New Post Office,” on page 155 
+ Chapter 12, “Managing Post Offices,” on page 175 


Post Offices 153 
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Creating a New Post Office 


As your GroupWise® system grows, you typically need to add new post offices. 


+ Section 11.1, “Understanding the Purpose of Post Offices,” on page 155 
¢ Section 11.2, “Planning a New Post Office,” on page 156 

+ Section 11.3, “Setting Up the New Post Office,” on page 167 

+ Section 11.4, “What's Next,” on page 171 

+ Section 11.5, “Post Office Worksheet,” on page 171 





IMPORTANT: If you are creating a new post office in a clustered GroupWise system, see the 
GroupWise 7 Interoperability Guide before you create the post office: 





11.1 Understanding the Purpose of Post Offices 


The post office serves as an administrative unit for a group of users and is used for addressing 
messages. Each GroupWise user has an address that consists of a user ID, the user’s post office 
name, the GroupWise domain name, and, optionally, an Internet domain name. 


The following diagram illustrates the logical organization of a GroupWise domain with multiple 
post offices. The two post offices belong to the domain. All of the objects under each post office 
belong to that post office. 


Figure 11-1 GroupWise Domain with Multiple Post Offices 
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As illustrated above, each post office must have at least one Post Office Agent (POA) running for it. 
The POA delivers messages to users’ mailboxes and performs a variety of post office and mailbox 
maintenance activities. 


When you add a new post office, you must link it to a domain. The link defines how messages travel 
between the post office and its domain. Links are discussed in detail in Chapter 10, “Managing the 
Links between Domains and Post Offices,” on page 137. 
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Physically, a post office consists of a set of directories that house all the information stored in the 
post office. To view the structure of the post office directory, see “Post Office Directory” in 
GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. The post office directory 
contains user mailboxes and messages, as well as other vital information. For an overview, see 
Section 35.3, “Information Stored in the Post Office,” on page 464. 


11.2 Planning a New Post Office 


This section provides the information you need in order to decide when, where, and how to create a 
new post office. The “Post Office Worksheet” on page 171 lists all the information you need as you 
set up your post office. You should print the worksheet and fill it out as you complete the tasks listed 
below. 

¢ Section 11.2.1, “Determining When to Add a Post Office,” on page 156 

+ Section 11.2.2, “Selecting the Domain That the Post Office Will Belong To,” on page 157 

¢ Section 11.2.3, “Determining the Context for the Post Office Object,” on page 158 

+ Section 11.2.4, “Choosing the Post Office Name,” on page 160 

+ Section 11.2.5, “Deciding Where to Create the Post Office Directory,” on page 160 

+ Section 11.2.6, “Deciding Where to Install the Agent Software,” on page 161 

+ Section 11.2.7, “Deciding How to Link the New Post Office,” on page 164 

+ Section 11.2.8, “Selecting the Post Office Language,” on page 165 

+ Section 11.2.9, “Selecting the Post Office Time Zone,” on page 165 

+ Section 11.2.10, “Selecting a Software Distribution Directory,” on page 165 

+ Section 11.2.11, “Selecting a Post Office Security Level,” on page 166 

+ Section 11.2.12, “Deciding if You Want to Create a Library for the New Post Office,” on 

page 166 


After you have completed the tasks and filled out the “Post Office Worksheet” on page 171, you are 
ready to continue with Section 11.3, “Setting Up the New Post Office,” on page 167. 


11.2.1 Determining When to Add a Post Office 


After you have your basic GroupWise system up and running, you might need to expand it. How do 
you know when you should add a post office? The answer to this depends on your company 
organization, the number of users on your network, and the physical limitations of your network 
servers. 

+ “Physical Organization” on page 156 

+ “Logical Organization” on page 157 

+ “Number of Users” on page 157 

+ “Demand on the POA” on page 157 


Physical Organization 


If your network spans several sites, you might want to create post offices (if not domains) at each 
physical location. This reduces the demands on long distance network links. 
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Logical Organization 


Processing messages within a post office is faster and typically generates less network traffic than 
messages traveling between different post offices. As you expand GroupWise, you might find it 
useful to add post offices in order to group users who frequently send mail to each other. 


Grouping users into post offices, based upon company organization or job function, makes 
administrative tasks, such as creating distribution lists, limiting Address Book visibility, and 
distributing shared folders, easier. For example, some employees might work in corporate functions 
like accounting and human resources. Other employees might be involved in sales and marketing 
and frequently attend meetings together, requiring frequent busy searches. Some areas, for example 
the production floor, might not need a workstation or user account for each individual. 


Number of Users 


Although a GroupWise post office can support more than 10,000 users, you should consider adding 
a post office when an existing post office has more than about 1000 to 2500 users and you expect it 
to keep growing. There are several reasons for this: 

+ It minimizes the impact if you have a problem with a server. 


+ It keeps the time required to perform post office and mailbox maintenance activities including 
backups from becoming excessive. 


¢ It allows room to grow while maintaining best performance. 


Therefore, a good post office size is about 1000 to 2500 users and include all of the resources (such 
as equipment, company cars, and conference rooms) and distribution lists they might need. 


Demand on the POA 


The POA is a very flexible component of your GroupWise system. Many aspects of its functioning 
are configurable, to meet the particular needs of the post office it services, no matter what the size. 
In addition, you can choose to run multiple POAs for the same post office, in order to specialize its 
functioning, as described in: 

+ Section 38.1.3, “Configuring a Dedicated Client/Server POA,” on page 550 

+ Section 38.2.2, “Configuring a Dedicated Message File Processing POA,” on page 553 

¢ Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556 

¢ Section 38.4.2, “Configuring a Dedicated Database Maintenance POA,” on page 560 


As a result, the choice is up to you whether you prefer a single, large post office, perhaps with 
multiple POAs, or multiple smaller post offices, each with its own POA. 


11.2.2 Selecting the Domain That the Post Office Will Belong To 


A post office is associated with a specific domain, even though it might reside in a different 
organizational unit in the Novell® eDirectory™ tree. If you have just one domain, the new post 
office will belong to it. If you want to create a new domain as well as a new post office, see 
Chapter 8, “Creating a New Domain,” on page 111. 


In a multiple post office system, the domain organizes post offices into a logical grouping for 
addressing and routing purposes. Each user in the domain has a Group Wise address that consists of 
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the user's Group Wise ID, the post office name, the GroupWise domain name, and optionally, an 
Internet domain name. 


Domains function as the main administration units for the GroupWise system. Post office 
information is stored in the domain database, as well as in the post office database. Changes are 
distributed to each post office database from the domain. 


WORKSHEET 


Under Item 3: GroupWise Domain, specify the GroupWise domain that the new post office will belong to. 


The items in the worksheet are listed in the order you enter them when setting up your post office. 
This planning section does not follow the same order as the worksheet, but all worksheet items are 
covered. 


11.2.3 Determining the Context for the Post Office Object 


The eDirectory context of the Post Office object determines how you administer the post office. The 
post office can be created in any Organization or Organizational Unit container in any context as 
long as it is in the same tree as the domain. The following diagrams provide some examples of how 
post offices can be placed in the eDirectory tree: 


+ “GroupWise Objects Reflect Physical Locations” on page 158 

+ “GroupWise Objects Reflect Company Organization” on page 159 

+ “GroupWise Objects Are Grouped with Servers” on page 159 

+ “GroupWise Objects Are Located in a Separate GroupWise Container” on page 159 


WORKSHEET 


Under Item 1: eDirectory Container, specify the name of the eDirectory container where you want to 
create the new post office. 


GroupWise Objects Reflect Physical Locations 


The Group Wise system below focuses on the physical layout of the company. Because most mail 
traffic is generated by users in the same location, the mail traffic across the WAN is minimized. An 
organizational unit was created for each site. A domain and post office were created under each 
organizational unit, corresponding to the city. The sites can be administered centrally or at each site. 
Administrator rights can be assigned at the domain level. 


Figure 11-2 A GroupWise System Following the Physical Layout of the Company 
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GroupWise Objects Reflect Company Organization 


The following GroupWise system focuses on departmental organization, as does the eDirectory tree. 
Group Wise domains and post offices parallel eDirectory organizational units, placing the domains 
and post offices within the organizational units containing the users that belong to them. 


Figure 11-3 A GroupWise System Following the Departmental Organization of the Company 
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GroupWise Objects Are Grouped with Servers 


Because domains and post offices have directory structures on network servers, you can also choose 
to place the Domain and Post Office objects in the same context as the servers where the directories 
reside, as shown in the following example. 


Figure 11-4 A GroupWise System with the Domains and Post Offices Grouped with the Servers 
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GroupWise Objects Are Located in a Separate GroupWise Container 


Domains and post offices can also be created in their own organizational unit. Administratively, this 
approach makes it easier to restrict a GroupWise administrator’s object and property rights to 
Group Wise objects only. 
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Figure 11-5 GroupWise Objects Located in Their Own Organizational Unit 
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11.2.4 Choosing the Post Office Name 


The post office must be given a unique name. The name is used for addressing and routing purposes 
within GroupWise, and might appear in the GroupWise Address Book. 


The post office name can reflect a location, organization, department, and so on. For example, you 
might want the domain name to be the location (for example, Provo) while the post office name is 
one of the company’s departments (for example, Research). Name the new post office carefully. 
After it is created, the name cannot be changed. 


The post office name should consist of a single string. Use underscores (_) rather than spaces as 
separators between words to facilitate addressing across the Internet. Do not use any of the 
following invalid characters in the post office name: 


ASCII characters 0-13 Comma, 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 

Braces {} Parentheses ( ) 

Colon : Period . 

WORKSHEET 


Under Item 2: Post Office Name, specify the post office name. 


Under Item 9: Post Office Description, provide a description for the post office to help you identify its 
function in the system. 


11.2.5 Deciding Where to Create the Post Office Directory 


Logically, the Post Office object resides in eDirectory and is administered through ConsoleOne®. 
Physically, the post office has a directory structure for databases, message queues, and other files. 
The post office directory structure can be created on any of the supported platforms listed in 
“GroupWise Administration Requirements” in the GroupWise 7 Installation Guide. It can also be 
located on any platform that a POA running on a supported platform could access successfully. The 
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server where you create the post office directory structure can be in the same tree as the Post Office 
object or in another tree. 


Databases and directories in the post office are updated as messages are sent. Because the POA 
typically makes these updates, we recommend that you place the post office directory on a server 
that can be easily accessed by the POA and, depending on configuration, the MTA. Users typically 
need a TCP/IP connection to the POA in order to access their mailboxes. 


When you are planning the post office directory location and which users will belong to the post 
office, consider the following: 


+ Post Office Directory Space Requirements: You need a minimum of 50 MB for each user. 
Because the message store can require considerable disk space, we recommend you allow each 
user at least 200 MB of storage space. You should also take into consideration the size of 
attachments, and your archive and delete policies. If message attachments are large and you are 
not planning to require users to archive or delete old messages, allow more storage. If you are 
creating libraries you need even more storage, depending on the size and number of documents. 
For details about managing post office disk space, see Section 12.3, “Managing Disk Space 
Usage in the Post Office,” on page 182. 


+ Network Access by the POA: The POA must have direct network access (mapped drive or 
file system mount) to the post office directory so that it can write to user databases (userxxx.db) 
and message databases (msgnnn.db). This issue is discussed in detail in Section 11.2.6, 
“Deciding Where to Install the Agent Software,” on page 161. 


+ Security from User Access: Users typically access their mailboxes through a TCP/IP 
connection to the POA. Therefore, users do not need access to the post office directory. You 
should create it in a location you can easily secure; otherwise, you could have files 
inadvertently moved or deleted. 


Choose an empty directory for the new post office. If you want, the directory can reflect the name of 
the post office, for example research for the Research post office. Use the following platform- 
specific conventions: 

NetWare: Use a maximum of 8 characters 

Linux: Use only lowercase characters 

Windows: No limitations. 

Choose the name and path carefully. After the post office directory is created, it is difficult to rename 


it. If the directory you specify does not exist, it is created when you create the post office. Do not 
create the post office directory under another domain or post office directory. 


WORKSHEET 


Under Item 4: Post Office Database Location, specify the full path for the post office directory. 


Under Item 10: Network Type, record the network type in use at that location. 


11.2.6 Deciding Where to Install the Agent Software 


You must run a new instance of the POA for each new post office. To review the functions of the 
POA for the post office, see Section 35.5, “Role of the Post Office Agent,” on page 469. For 
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complete POA installation instructions and system requirements, see “Installing GroupWise 
Agents” in the GroupWise 7 Installation Guide. 


When planning the installation of the POA, you need to consider how the new post office links to its 
domain. For an overview of link configuration, see Chapter 10, “Managing the Links between 
Domains and Post Offices,” on page 137. 


The POA requires direct network access (mapped drive or file system mount) to the post office 
directory so that it can write to user databases (userxxx.db) and message databases (msgnnn.db). 
Consider the following alternatives when selecting a location for the POA: 


+ “POA Access to the New Post Office: Local vs. Remote” on page 162 
+ “MTA Access to the New Post Office: Mapped and UNC Links vs. TCP/IP Links” on page 163 


+ “Cross-Platform Issues” on page 164 


WORKSHEET 


Under Item 12: Agent Location, indicate whether you plan to run the POA on the same server where the 
post office directory is located (recommended), or on a different server. 


Under Item 13: Agent Platform, specify the platform where the POA will run (NetWare, Linux, or 
Windows). 
POA Access to the New Post Office: Local vs. Remote 


Running the POA locally on the same server where the post office resides simplifies network 
connections (no login is required), reduces network traffic, and protects database integrity. In the 
following diagram, the agent software is installed on the same server where the domain and post 
office reside. 


Figure 11-6 Agent Software on the Same Server with the Domain and Post Office 
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Running the POA on a remote server allows you to place the heaviest processing load on your 
highest performing server. In the following diagram, the agent software is installed on a different 
server from where the domains and post offices reside. 


Figure 11-7 Agent Software on a Different Server than the Domain and Post Office 
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When you run the POA on a different server from where its directory structure and databases are 
located, you need to provide adeguate access. 
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NetWare: If the NetWare® POA needs direct network access to another NetWare server where the 
post office is located, you must add the /dn switch or the /user and /password switches to 
the POA startup file to provide authentication information. Username and password 
information can also be provided in the Remote File Server Settings box of the Post Office 
Settings page in ConsoleOne. 


Linux: If the Linux POA needs direct network access to another Linux server, you must mount the 
file system where the post office is located before you start the Linux POA. 


Windows: If the Windows POA needs direct network access to another Windows server where the 
post office is located, you must map a drive to the other server before you start the 
Windows POA. 


MTA Access to the New Post Office: Mapped and UNC Links vs. TCP/IP Links 


If a domain includes multiple post offices, the new post office will probably reside on different 
server from where the domain is located. If you plan to use mapped or UNC links between the 
domain and the new post office, the MTA requires the same access to the post office directory as it 
requires to the domain directory. 


Figure 11-8 MTA Access Using Mapped or UNC Links 
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NetWare: If the NetWare MTA needs direct network access to a new post office on another NetWare 
server, you must add the /dn switch or the /user and /password switches to the MTA 
startup file to provide authentication information. 


Linux: N/A. The Linux MTA requires TCP/IP links to the POA. 
Windows: If the Windows MTA needs direct network access to a new post office on another Windows 


server, you must map a drive to the post office directory before you start the MTA. 


To avoid these direct network access requirements between the MTA and a new post office, you can 
use TCP/IP links between the domain and the new post office. 


Figure 11-9 MTA Access Using TCP/IP Links 
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When using TCP/IP links, the MTA does not write message files into message gueues in the post 
office directory structure. Instead, the MTA communicates the information to the POA by way of 
TCP/IP and then the POA uses its direct network access to write the information. 
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Cross-Platform Issues 


In most cases, it is most efficient if you match the POA platform with the network operating system 
where the post office resides. For example, if you create a new post office on a NetWare server, use 
the NetWare POA. 


If you decide not to run the POA on the same platform as the post office, the POA must still have 
direct network access to the post office directory so that it can write to user databases 
(userxxx.db) and message databases (msgnnn . db). For example, you can set up the new post 
office on a NetWare server and run the Windows POA on a Windows server to service it. 


Figure 11-10 A Domain on a NetWare Server and the MTA on a Windows Server 
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However, the NetWare POA cannot service a post office located on a Windows server because 
Windows does not support the reguired cross-platform connection. 


If you are using mapped or UNC links to the new post office, the MTA must also have direct 
network access to the post office directory so that it can write message files into the post office 
message queues. You can, for example, run the agents on a Windows server while domains and post 
offices are located on NetWare servers. 


Figure 11-11 Agents on a Windows Server and Domains and Post Offices on a NetWare Server 
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Again, the opposite combination of NetWare agents servicing domains and post offices on Windows 
servers is not an option because Windows does not support the required cross-platform connection. 


To avoid these cross-platform access issues, use TCP/IP links between a domain and its post offices. 


For more detailed information, see Section 40.7, “Cross-Platform Issues between Domains and Post 
Offices,” on page 609. 


11.2.7 Deciding How to Link the New Post Office 


When you create a new post office, you have the opportunity to choose the type of link to use 
between the new post office and its domain. Based on issues discussed in the preceding section, you 
might decide to set up a TCP/IP link between the new post office and its domain. 
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WORKSHEET 


Under Item 14: Link to Domain, indicate the type of link you plan to set up between the new post office 
and its domain. 


11.2.8 Selecting the Post Office Language 


The post office language determines the sort order for items in the GroupWise Address Book. 


The post office defaults to the same language as its domain unless you specify otherwise. For 
example, if you set the domain and post office language to English-US, the Address Book items are 
sorted according to English-US sort order rules. This is true even if some users in the post office are 
running non-English GroupWise clients such as German or Japanese. Their client interface and Help 
files are in German or Japanese, but the Address Book sort order is according to English-US 
standards. Time, date, and number formats for the non-English clients defaults to the workstation 
language. 


WORKSHEET 


Under Item 5: Post Office Language, specify the post office language. 


11.2.9 Selecting the Post Office Time Zone 


When a message is sent from a user in one time zone to a user in another time zone, GroupWise 
adjusts the message’s time so that it is correct for the recipient’s time zone. For example, if a user in 
New York (GMT -05:00, Eastern Time) schedules a user in Los Angeles (GMT -08:00, Pacific 
Time) for a conference call at 4:00 p.m. Eastern Time, the appointment is scheduled in the Los 
Angeles user’s calendar at 1:00 p.m. Pacific Time. 


The domain time zone becomes the default time zone for each post office in the domain. 


WORKSHEET 


Under Item 6: Time Zone, specify the time zone for the new post office. 


11.2.10 Selecting a Software Distribution Directory 


A software distribution directory was created when your Group Wise system was initially set up. The 
software distribution directory contains files that users need in order to set up the GroupWise 
Windows or Cross-Platform client on their workstations. Additional software distribution directories 
might have been created since that time to accommodate users in various locations. 


You can select the most convenient software distribution directory for the new post office. 


WORKSHEET 
Under Item 7: Software Distribution Directory, specify the name of the software distribution directory from 


which users in the new post office will install the GroupWise client software on their Windows, Linux, or 
Macintosh workstations. 
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11.2.11 Selecting a Post Office Security Level 


Post office security settings affect two types of GroupWise users: 


+ Users who do not set passwords on their mailboxes 


+ Users who use LDAP passwords instead of GroupWise passwords to access their mailboxes 


After a user sets a GroupWise password on his or her mailbox, the post office security level no 
longer applies. The user is always prompted for the password unless the administrator has set certain 
client options in ConsoleOne to prevent the password prompt, as described in Section 70.1.3, 
“Managing GroupWise Passwords,” on page 1116. 


In the absence of GroupWise passwords on user mailboxes, the post office security level takes 
effect. By default, a new post office is created with low security. In a low security post office, 
mailboxes are completely unprotected. Without a Group Wise password, any user’s mailbox could be 
accessed by another user who knows how to use the @u-user/D startup switch. 


By increasing the post office security level to high, you provide protection to GroupWise mailboxes 
through other types of authentication. In a high security post office, you can choose between 
eDirectory authentication and LDAP authentication: 


¢ eDirectory Authentication: If you use eDirectory authentication for a post office, users must 
be logged in to eDirectory in order to access their Group Wise mailboxes. 


+ LDAP Authentication: If you use LDAP authentication for a post office, users must 
successfully authenticate to an LDAP server in order to access their GroupWise mailboxes. 


WORKSHEET 


Under Item 11: Post Office Security Level, mark the security level for the post office. If you choose high 
security, indicate the type of authentication you plan to use. 


11.2.12 Deciding if You Want to Create a Library for the New 
Post Office 


If you anticipate that users on this post office will require document management services, you can 
create a library at the same time you create the post office. The library is created with all of the 
default library options including Store Documents at Post Office. Using a document storage area is 
preferable to storing documents at the post office because a document storage area can be moved. 
You should appropriately configure the library immediately after it is created, before users begin to 
store documents there. See Part VII, “Libraries and Documents,” on page 291. 


WORKSHEET 


Under Item 8: Create Library, indicate whether or not you want to immediately create a library for the new 
post office. You can always add a library to the post office at a later time. 
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11.3 Setting Up the New Post Office 


You should have already reviewed Section 11.2, “Planning a New Post Office,” on page 156 and 
filled out Section 11.5, “Post Office Worksheet,” on page 171. Complete the following tasks to 
create a new post office. 

+ Section 11.3.1, “Creating the New Post Office,” on page 167 

+ Section 11.3.2, “Configuring the POA for the New Post Office,” on page 170 

+ Section 11.3.3, “Installing and Starting the New POA,” on page 170 

+ Section 11.3.4, “Setting Up User Access to the New Post Office,” on page 171 


11.3.1 Creating the New Post Office 


1 Make sure you are logged in to the tree where you want to create the post office. 


This must be the same tree as the domain that the post office belongs to (worksheet item 3). 


2 In ConsoleOne, browse to and right-click the eDirectory container where you want to create the 
post office (worksheet item 1), then click New > Object. 


New Object 


Create object in: 
Z CORP. TREE/GroupWise 


Cancel 





GS GroupWise Distribution List 
@ GroupWWise Domain 








Help 


@ GroupWise Resource 
httpServer 


innn NAN inn 





3 Double-click GroupWise Post Office, then fill in the fields in the Create Group Wise Post Office 
dialog box (worksheet items 2 through 8). 


Create GroupWise Post Office 


Post office name: 





GroupWyise Domain: 
Provoi .GroupWise 


Post Office Database Location: 











Language: 
English - US 





Time Zone: 

(GMT-07:00) Mountain Time (US 8 Canada) 
Software Distribution Directory: 

GroupWise 7 Software 








Post Office Agent Platform: 
NetWare 











[V Configure link 


[ Create Library 


[ Define additional properties 





[ Create another post office 





4 Make sure the Configure Links and Define Additional Properties options are selected, then 
click OK to display the Link Configuration Wizard. 
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Link Configuration Wizard 


Post Office Link 


The Message Transfer Agent (MTA) can link to the post office through a 
TCPAP connection to the Post Office Agent (POA) or a direct connection 
to the post office directory. 


How do you want the MTA to link to the post office? 
© Direct link 


© TCPAP link 











5 Follow the on-screen instructions to define how the post office links to its domain. When you 
finish defining the link, ConsoleOne creates the Post Office object and displays the post office 
Identification page. 


Properties of Development 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders: | 
Identification 


Post Office: Provo Development 


Description: 








UNC Path: [iJBD-NWisysigwsystemidev [| 


Language: English - US ha 


Time Zone: [cewr-07:00) Mountain Time (US 8 Canada) it 





Database Version: 7 


Configure Non-DOS Name Space Access 


Page Options... 





6 Fill in the Description field (worksheet item 9). 
7 Click GroupWise > Post Office Settings to display the Post Office Settings page. 
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Properties of Development 


NDS Rights + | Other | Rights to Files and Folders 





Network Type: [Noven NetWare 


Software Distribution Directory: GroupWise 7 Software a 


Access Mode: [Cient/Server Only + 
El 








Delivery Mode: [use App Thresholds 


a 
Max Age for Address Book Updates: 15 E days 


I Disable Live Move 


Restore Area: (Not Set) 


Remote File Server Settings 





Remote User Name: | 


Remote Password: Set Password 


Page Options... Cancel | Apply | 








8 Provide the network type for the post office location (worksheet item 10). 
Select the software distribution directory for the post office (worksheet item 7). 


10 Ifthe POA will run on a different server from where the post office directory, a library, or a 
document storage area is located, provide a username and password that enables the POA to 
access the remote location (worksheet item 12). 


11 Click GroupWise > Security to display the Security page. 


Properties of Legal 
GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Security 


Security Level: 
C Low 


© High 
rHigh Security Options = 





LDAP Server 
LDAP User Name: el 
LDAP Password: Set Password 


| Disable LDAP Password Changing 


Inactive Connection Timeout: 30 E seconds 
LDAP Pool Server Reset Timeout: 5 = minutes 
LDAP Server Guarantine Threshold: 2 4 


Select Servers 








Page Options... ok |. Cancel | Apply | 





12 Provide the post office security level and authentication type for the post office (worksheet item 
11). For additional LDAP instructions, see Section 36.3.4, “Providing LDAP Authentication 
for Group Wise Users,” on page 501. 


13. Click OK to save the post office information. 
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11.3.2 Configuring the POA for the New Post Office 


Although there are many POA settings, the default settings are sufficient to get your post office 
operational. However, there are a few important settings that you can conveniently modify before 
you install the agent software. 


1 In ConsoleOne, double-click the new Post Office object. 
2 Right-click the POA object, then click Properties to display the POA Identification page. 


‘GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
identification i 


Domain.PO: Provo1 Development 
Distinguished Name: POA.Development.GroupWise 
Name: POA 


Agent Type: Post Office 





Description: igi Post Office Agent 





Platform: [Netware 








Page Options... 





3 Provide a description for the POA. 
The description displays on the POA agent console as the POA runs. 
4 Select the platform where the POA will run (worksheet item 12). 


5 If you have created the post office in a clustered environment, follow the instructions in the 
appropriate section of the GroupWise 7 Interoperability Guide. 


6 For more POA configuration options, see Section 12.10, “Changing POA Configuration to 
Meet Post Office Needs,” on page 199. 


7 Click OK to save the POA configuration information. 


11.3.3 Installing and Starting the New POA 


To install the POA for the new post office to the location recorded under worksheet item 11, follow 
the instructions in “Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 
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11.3.4 Setting Up User Access to the New Post Office 


The post office access mode determines how GroupWise client users access their mailboxes. By 
default, the GroupWise Windows and Cross-Platform clients use client/server access to the post 
office. Client/server access provides the following benefits: 


+ Client/server access provides the greatest level of security. Users do not need rights to the post 
office directory because the GroupWise client does not write directly to databases in the post 
office. All database updates are performed by the POA. 


¢ Client/server access eliminates the need for separate network logins and passwords. This 
avoids problems with login restrictions, changing passwords, and insufficient network rights. 


¢ Client/server access allows the GroupWise client to maintain multiple simultaneous 
connections to the post office. 


¢ With client/server access mode, proxy rights can be granted to any user visible in the Address 
Book. 


Historical Note: In GroupWise 5.x, the GroupWise client allowed the user to enter a path to the post 
office directory to facilitate direct access mode. The Group Wise 6.x and later clients no longer offer 
the user that option. However, you can force the GroupWise 6.x and later client to use direct access 
mode by starting it with the /ps switch and providing the path to the post office directory. 


Continue with Section 11.4, “What’s Next,” on page 171. 


11.4 What’s Next 


After you have created the new post office and started its POA, you are ready to expand the post 
office by: 
+ Adding users to the post office. See “Users” on page 201. 


+ Defining groups of users (distribution lists) that GroupWise users can select when addressing 
messages. See “Distribution Lists, Groups, and Organizational Roles” on page 261. 


¢ Defining resources (for example, conference rooms or company cars) that users can schedule. 
See “Resources” on page 247. 


¢ Defining libraries and setting up Document Management Services. See “Libraries and 
Documents” on page 291. 


+ Setting up the GroupWise Windows or Cross-Platform client software so that Group Wise users 
can run the client from Windows, Linux, or Macintosh workstations. See “Client” on 
page 1033. 


¢ Configuring the POA for optimal performance. See “Post Office Agent” on page 461. 


11.5 Post Office Worksheet 


Use this worksheet as you complete the tasks in Section 11.2, “Planning a New Post Office,” on 
page 156. 
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Item 


1) eDirectory Container 


2) Post Office Name 


3) GroupWise Domain 


4) Post Office Database 
Location 


5) Post Office Language 


6) Post Office Time Zone 


7) Software Distribution 
Directory: 


8) Create Library: 


+ Yes 


+ No 


9) Post Office Description 


10) Network Type 
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Explanation 


Specify the name of the eDirectory container where you plan to create the 
new post office. 


For more information, see Section 11.2.3, “Determining the Context for the 
Post Office Object,” on page 158. 


Specify a name for the new post office. Choose the name carefully. After 
the post office is created, it cannot be renamed. 


For more information, see Section 11.2.4, “Choosing the Post Office 
Name,” on page 160. 


Specify the domain this post office will belong to. 


For more information, see Section 11.2.2, “Selecting the Domain That the 
Post Office Will Belong To,” on page 157. 


Specify the path for the post office directory. Choose the post office 
directory carefully. After it is created, it is difficult to rename. 


For more information, see Section 11.2.5, “Deciding Where to Create the 
Post Office Directory,” on page 160. 


Specify the post office language if it is different from the domain language. 


For more information, see Section 11.2.8, “Selecting the Post Office 
Language,” on page 165. 


Specify the time zone for the post office if it is different from the domain 
time zone. 


For more information, see See Section 11.2.9, “Selecting the Post Office 
Time Zone,” on page 165. 


Specify the name of the software distribution directory for the new post 
office. 


For more information, see Section 11.2.10, “Selecting a Software 
Distribution Directory,” on page 165. 


Mark whether or not you want to create a library for the new post office at 
the same time you create the new post office. 


For more information, see Section 11.2.12, “Deciding if You Want to Create 
a Library for the New Post Office,” on page 166. 


Provide a description for the new post office to help you identify its function 
in the system. 


Specify the network type in use on the server where the new post office will 
be located. 


For more information, see Section 11.2.5, “Deciding Where to Create the 
Post Office Directory,” on page 160. 


Item 


11) Post Office Security 
Level: 

+ Low 

+ High 


eDirectory 
authentication 


LDAP authentication 
12) Agent Location 


* POA on the same 
server as the post 
office (local) 


+ POA on a different 
server from the post 
office (remote) 


Username 
Password 


13) Agent Platform 
+ NetWare POA 


+ Linux POA 
+ Windows POA 


14) Link to Domain 


+ TCP/IP 
+ Mapped 
+ UNC 


Explanation 


Mark the security level for the post offices. For high security, mark the type 
of authentication you plan to use. 


For more information, see Section 11.2.11, “Selecting a Post Office 
Security Level,” on page 166. 


Mark the location of the POA relative to the post office. 


If the POA will run on a different server from where the post office, a library, 
or a document storage area is located, provide a username and password 
to enable the POA to access the remote location. 


For more information, see Section 11.2.6, “Deciding Where to Install the 
Agent Software,” on page 161. 


Specify the platform where you plan to run the POA. 


For more information, see Section 11.2.6, “Deciding Where to Install the 
Agent Software,” on page 161. 


Mark how you plan to link the new post office to its domain. 


For more information, see Section 11.2.7, “Deciding How to Link the New 
Post Office,” on page 164. 
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Managing Post Offices 


As your GroupWise® system grows and evolves, you might need to perform the following 
maintenance activities on post offices: 

+ Section 12.1, “Connecting to the Domain That Owns a Post Office,” on page 175 

+ Section 12.2, “Editing Post Office Properties,” on page 176 

+ Section 12.3, “Managing Disk Space Usage in the Post Office,” on page 182 

+ Section 12.4, “Auditing Mailbox License Usage in the Post Office,” on page 191 

+ Section 12.5, “Tracking and Restricting Client Access to the Post Office,” on page 193 

+ Section 12.6, “Refreshing the Client View Files in the Post Office,” on page 195 

¢ Section 12.7, “Disabling a Post Office,” on page 195 

+ Section 12.8, “Moving a Post Office,” on page 196 

+ Section 12.9, “Deleting a Post Office,” on page 197 

+ Section 12.10, “Changing POA Configuration to Meet Post Office Needs,” on page 199 
See also Section 26, “Maintaining Domain and Post Office Databases,” on page 377 and Section 31, 
“Backing Up GroupWise Databases,” on page 407. Proper database maintenance and backups allow 


recovery from accidental deletions, as described in Section 32.5, “Restoring Deleted Mailbox 
Items,” on page 413 and Section 32.6, “Recovering Deleted GroupWise Accounts,” on page 416. 


12.1 Connecting to the Domain That Owns a 
Post Office 


Whenever you change post office information, it is most efficient to connect directly to the domain 
that the post office belongs to before you begin making modifications. Performing administrative 
tasks in a post office while not connected to the post office’s domain increases the amount of 
administrative message traffic sent between domains. 


To change your domain connection: 


1 In ConsoleOne® in the Console View, click Tools > GroupWise System Operations. Click 
Select Domain, browse to and select the domain directory, then click OK. 


or 
In the GroupWise View, right-click the Domain object, then click Connect. 


The Group Wise view identifies the domain that you are connected to by adding a plug symbol 
to the domain icon. 
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=) Provo1 
Ga Manufacturing 


Qa RED 
=} Provo2 
QA Accounting 


QÀ Sales 





The domain marked with the red underscore is the primary domain. 


For a discussion of cross-platform connection issues, see Section 4.1, “Select Domain,” on 
page 51. 


12.2 Editing Post Office Properties 


After creating a post office, you can change some post office properties. Other post office properties 
cannot be changed. 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties to 
display the post office Identification page. 


Properties of Development 


GroupWise v | NDS Rights + | Other | Rights to Files and Folders | 
Identification 





Post Office: Provol Development 





Description: 





UNC Path: \WBD-Nisysigwsystemidey 





Language: English - US 








Time Zone: (GMT-07:00) Mountain Time (US & Canada) 


Database Version: F 


Configure Non-DOS Name Space Access 





Page Options... Cancel Apply 








2 Change editable fields as needed. 


For information about individual fields, see Section 11.3, “Setting Up the New Post Office,” on 
page 167 or use online help when editing the post office. 


3 Click GroupWise > Post Office Settings to display the Post Office Settings page. 
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Properties of Development 


NDS Rights + | Other | Rights to Files and Folders 





Network Type: [Noven NetWare 


Software Distribution Directory: GroupWise 7 Software hd 
Access Mode: Client/Server Only = 


Delivery Mode: [use App Thresholds z] 


a 
Max Age for Address Book Updates: 15 2j days 


T Disable Live Move 





Restore Area: (Not Set) 


Remote File Server Settings 





Remote User Name: | 


Remote Password: Set Password 








Page Options... ok | Cancel | appi | Help 





These post office settings are discussed in the following sections: 
+ Section 11.2.10, “Selecting a Software Distribution Directory,” on page 165 
+ Section 11.3.4, “Setting Up User Access to the New Post Office,” on page 171 
4 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


Properties of Development 


GroupWise vil NDS Rights v | Other | Rights to Files and Folders. | 


Lock Out Older GroupWise Clients 
[T Minimum Client Release Version (x.x.x): 





T Minimum Client Release Date: 


I Disable Logins 
| Enable Intruder Detection 


Incorrect Logins Allowed: 3 4 (3-10) 

a 
Incorrect Login Reset Time: 15 5 minutes (15-60) 
Lockout Reset Time: 15 E minutes (15+) 


Page Options... ok |. Cancel | apr | 








The client access settings are discussed in the following sections: 
+ Section 12.5, “Tracking and Restricting Client Access to the Post Office,” on page 193 
¢ Section 12.7, “Disabling a Post Office,” on page 195 
¢ Section 36.3.5, “Enabling Intruder Detection,” on page 506 
5 Click GroupWise > Membership to display the Membership page. 


Managing Post Offices 177 


Properties of Development 


‘GroupWise v || NDS Rights + | Other | Rights to Files and Folders | 
[Membership H 





Dharmapalan.Development.Provo 
Mendenhall.Development.Provo 
Ramirez.Development.Provo 
Skoczylas.Development.Provo 
BGelsomino.Development.Provo 
CBolton.Development.Provo 
FHaughey.DevelopmentProvo 
FThompson.Development.Provo 
HyVong.Development.Provo 
DeSoto.Development.Provo 
Stevens.Development.Provo 
Yacoub.DevelopmentProvo 
KHuang.Development.Provo 
LTanaka.Development.Provo 
MJones.Development.Provo 
MLamaroux.Development.Provo 
MdelaTorre Development Provo 
RSteadman.Development.Provo 
‘SMurphy.Development.Provo 





Page Options... 








All users in the post office are listed, no matter where their Novell® eDirectory™ objects are 
located in the tree. Here you can add, delete, and move users in the post office. See “Users” on 
page 201. 


6 Click GroupWise > Resources to display the Resources page. 


Properties of Development 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Resources 





Resources: 





(Company Car 1.GroupWise 
(Company Car 2.GroupWise 
(Conference Room 2012.GroupWise 
‘Group Meeting Room.GroupWWise 
Lunchroom.GroupWise 


OK | Cancel | Apply | 








All resources in the post office are listed, no matter where their eDirectory objects are located 
in the tree. This is a convenient place to delete resources from the post office. See “Resources” 
on page 247 


7 Click GroupWise > Distribution Lists to display the Distribution Lists page. 
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Properties of Development 


NDS Rights v | Other | Rights to Files and Folders 





Distribution Lists: 





[Engineers .GroupVVise 

GroupV\ise Administrators Docdev Novell 
Help Desk Docdev Novell 

Programmers Groupfise 

‘Secretaries .GroupVvise 

Testers GroupWise 


Page Options... Cancel | Apply | 








All distribution lists in the post office are listed, no matter where their eDirectory objects are 
located in the tree. This is a convenient place to delete distribution lists from the post office. 
See “Distribution Lists, Groups, and Organizational Roles” on page 261. 


8 Click GroupWise > Libraries to display the Libraries page. 


Properties of Development 


"| NOS Rights + | Other | Rights to Files and Folders | 
Libraries: 





Libraries: 





Development Library GroupWise 





Page Options... OK | Cancel | Apply | 





All libraries belonging to the post office are listed, no matter where their eDirectory objects are 
located in the tree. This is a convenient place to delete libraries. See “Libraries and 
Documents” on page 291. 


9 Click GroupWise > Aliases to display the Aliases page. 
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Properties of Development 


NDS Rights v | Other | Rights to Files and Folders | 





Page Options... ok | cancel | apr | 








You need to set up aliases for a post office only if you are using GroupWise gateways. For a list 
of gateways, see the GroupWise Gateways Documentation Web site (http://www.novell.com/ 
documentation/gwgateways). 


10 Click GroupWise > Internet Addressing to display the Internet Addressing page. 


Properties of Development 


‘GroupWise {| NDS Rights + | Other | Rights to Files and Folders | 
{Internet Addressint 


Override | Preferred Address format: 
E 
Defined at: Corporate Mail 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 


rate.com Y 
Defined at: Corporate Mail 
T For incoming mail, recipients are known exclusively by this Internet domain name 


Page Options... ok | Cancel | apr | 








Here you provide information used to determine the Internet addressing settings for the post 
office. See Section 45, “Configuring Internet Addressing,” on page 703 for more information. 


11 Click GroupWise > Security to display the Security page. 
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Properties of Legal 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 


Security 


Security Level: 

C Low 

© High 

High Security Options 
F eDi 


LDAP Server 


LDAP User Name: 
LDAP Password: 
I Disable LDAP Password Changing 
Inactive Connection Timeout: 
LDAP Pool Server Reset Timeout: 


LDAP Server Quarantine Threshold: 


Page Options... 





[ 
Set Password 


| 
5 = minutes 
[74 


Select Servers 





ok | cancst | 





For instructions on setting the security level for the post office, see Section 11.2.11, “Selecting 
a Post Office Security Level,” on page 166. 


12 Click GroupWise > Default WebAccess to display the Default WebAccess page. 


Properties of Development 


| GroupWise NDS Rights v | Other | Rights to Files and Folders | 


i Default WebAcces: 


Override Default WebAccess Gateway: 


| eee 


Not Defined 


Page Options... 


OK | Cancel | 








Use this page to designate the default WebAccess gateway for the post office. See 
“WebAccess” on page 853 for more information. 


13 Click OK to save changes to the post office properties. 
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12.3 Managing Disk Space Usage in the Post 
Office 


Many users are prone to save every message and attachment they ever receive. You can moderate 
this behavior by implementing disk space management: 

+ Section 12.3.1, “Preparing to Implement Disk Space Management,” on page 182 

+ Section 12.3.2, “Setting Mailbox Size Limits,” on page 183 

+ Section 12.3.3, “Enforcing Mailbox Size Limits,” on page 185 

+ Section 12.3.4, “Restricting the Size of Messages That Users Can Send,” on page 185 


+ 


Section 12.3.5, “Preventing the Post Office from Running Out of Disk Space,” on page 187 
¢ Section 12.3.6, “An Alternative to Disk Space Management in the Post Office,” on page 190 


+ 


Section 12.3.7, “Forcing Caching Mode,” on page 190 





NOTE: The Cross-Platform client does not currently respect the mailbox size limits established in 
ConsoleOne. 





12.3.1 Preparing to Implement Disk Space Management 


If you are implementing disk space management in an existing Group Wise system, you must begin 
by setting the initial size information on all users* mailboxes. If you are implementing disk space 
management in a new GroupWise system, skip to Section 12.3.2, “Setting Mailbox Size Limits,” on 
page 183. 


To establish current mailbox size: 


1 In ConsoleOne, browse to and select a Post Office object. 


2 Click Tools > Group Wise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


(© GroupWise Objects: Action: 
Post Offices 7] [analyzefFix Databases 
R Prov ri 


T Structure 











Close 


r Retrieve... 
IV Contents 
I Collect statistics Save... 


IV Fix problems 
Help 





[V Update user disk space totals 


© Object Type 


Ce 


Databases | Logging | Resutts | Misc | Exclude | 


C 





T Document 











Options file: <detault> 


3 Inthe GroupWise Objects field, select Post Offices. 
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4 Inthe Action field, select Analyze/Fix Databases. 


5 As options to the action, select Contents, Fix Problems, and Reset User Disk Space Totals. 
Make sure all other options are deselected. 


6 On the Databases tab, select User. Make sure all other types of databases are deselected. 


7 Click Run, then click OK to acknowledge that the Mailbox/Library Maintenance task has been 
sent to the POA. 


After the POA has performed the task, current mailbox size information becomes available on 
each user’s mailbox. The information is updated regularly as the user receives and deletes 
messages. 


8 To generate a report of current mailbox information, follow the instructions in Section 30.1, 
“Gathering Mailbox Statistics,” on page 399. 


9 Repeat Step 1 through Step 8 for each post office where you want to implement disk space 
management. 


10 Continue with Section 12.3.2, “Setting Mailbox Size Limits,” on page 183. 


12.3.2 Setting Mailbox Size Limits 


After initial size information is recorded on each user’s mailbox, you can establish a limit on the 
amount of disk space each user’s mailbox is allowed to occupy. You can set a single limit for an 
entire domain. You can set different limits for each post office. You can even set individual user 
limits if necessary. 


If you are implementing disk space management in an existing GroupWise system where users are 
accustomed to unlimited disk space, you should warn them about the coming change. After you 
establish the mailbox size limits as described in this section, users whose mailboxes exceed the 
established limit cannot send messages until the size of their mailboxes is reduced. Users might 
want to manually delete and archive items in advance in order to avoid this interruption in their use 
of GroupWise. 


To establish mailbox size limits: 
1 In ConsoleOne, browse to and select a Domain, Post Office, or User object. 


2 Click Tools > GroupWise Utilities > Client Options. 


GroupWise Client Options X) 


E= Close 
43 
= Hel 
Environment Send == 


a g 


Security Date and Time 





3 Click Send > Disk Space Management. 
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Send Options: Development 


Send Options | Mail | Appt | Task | Note | Security Disk Space Mamt | Global Signature 
r  - «a 
Mailbox size limit: 0 E MB 


Threshold for warning users: 0 4 % 





o oa 4 
Maximum send message size: 0 3 KB 


T Limits apply to cache 


| Notify the administrator when threshold limit is exceeded 





I Notify the administrator when size limit is exceeded 


Restore Default Settings 











4 Select User Limits. 
5 Specify the maximum number of megabytes allowed for each user's mailbox. 


Unless disk space is extremely limited, 200 MB is a comfortable mailbox size to enforce. The 
maximum size limit that you can set for mailboxes is 4 GB. However, Group Wise databases 
themselves have no inherent maximum size limit. 


6 Specify as a percentage the point where you want to warn users that their mailboxes are getting 
full. 


Users can continue to send messages until the size limit is reached. After the size limit is 
reached, users must reduce the size of their mailboxes in order to send additional messages. 


7 Optionally, specify in kilobytes the largest message that users can send. 


By restricting message size, you can influence how fast users’ mailboxes fill up. However, if 
users have valid reasons for sending messages that exceed this limit, the limit can become a 
hindrance to users getting their work done. 


8 Click OK > Close to save the disk space management settings. 


If you are adding disk space management to an existing GroupWise system where users’ 
mailboxes are already over the desired size limit, continue with Section 12.3.3, “Enforcing 
Mailbox Size Limits,” on page 185. 


or 


If you are implementing disk space management in a new system where users have not yet 
begun to use their mailboxes, see “Using Mailbox Storage Size Information” in “Managing 
Your Mailbox” in the GroupWise 7 Windows Client User Guide to see how setting a mailbox 
size limit affects users’ activities in the GroupWise client. 
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12.3.3 Enforcing Mailbox Size Limits 


If existing Group Wise users are having difficulty fitting their mailboxes into the established mailbox 
size limits, you can assist them by reducing their mailboxes for them. Users should be warned before 
this action is taken. 


1 In ConsoleOne, select a Post Office object. 
2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: Action: 


[post Offices == | JExpire/Reduce Messages 


© Reduce only 











Close 


Retrieve... 





F items older than 60 < days 
al Save... 


[V Downloaded items older than 30 days 


v 
a 
v 


[T tems larger than 








[V Trash older than 








1 Reduce mailbox to 

| Reduce mailbox to limited size 
pinclude 
| Received items 

IV Sent items 

IV Calendar items 

T Only backed-up items 
€ Object Type T Only retained items 


9 Databases | Logging | Resuts | Misc | Exclude | 











Options file: <default> 





3 Inthe Action field, select Expire/Reduce. 

4 Set the Expire and Reduce options as desired, making sure that Reduce Mailbox to Limited Size 
is selected. 

5 Click Run, then click OK to acknowledge that the Mailbox/Library Maintenance task has been 
sent to the POA. 
After the POA has performed the task, users mailboxes fit within the mailbox size limit you 
have established. 

6 Repeat Step | through Step 5 for each post office where you want to reduce user mailboxes to 
the established mailbox size limit. 


See “Using Mailbox Storage Size Information” in “Managing Your Mailbox” in the GroupWise 7 
Windows Client User Guide to see how setting a mailbox size limit affects user activities in the 


GroupWise client. 


12.3.4 Restricting the Size of Messages That Users Can Send 


By restricting message size, you can influence how fast user mailboxes fill up. However, if users 
have valid reasons for sending messages that exceed this limit, the limit can become a hindrance to 
users getting their work done. 


For HTML-formatted messages, the MIME portion of the message counts in the message size. 
MIME files can be large. If a user cannot send an HTML-formatted message, he or she could use 
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plain text instead, in order to decrease the size of the message so that it falls within the message size 
restriction. 


There are four levels at which you can restrict message size: 


+ “Within the Post Office” on page 186 
+ “Between Post Offices” on page 187 
+ “Between Domains” on page 187 


+ “Between Your GroupWise System and the Internet” on page 187 





NOTE: Although the Cross-Platform client does not enforce the message size limits established in 
ConsoleOne using Tools > GroupWise Utilities > Client Options > Send > Disk Space Management, 
messages originating from the Cross-Platform client can be restricted by the POA and MTA as they 
pass between post offices and domains. 





Within the Post Office 


You can use Client Options to restrict the size of messages that users can send within their local post 
office. 


1 In ConsoleOne, browse to and select a Domain, Post Office, or User object. 


2 Click Tools > GroupWise Utilities > Client Options. 


GroupWise Client Options & 


Fa Close 
43 
on "| 
Environment Send = 


a g 


Security Date and Time 





3 Click Send > Disk Space Management. 
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Send Options: Development 


Send Options | Mail | Appt | Task | Note | Security Disk Space Mgmt | Global Signature 


BE 


Mailbox size limit: 


æ Lab 


Threshold for warning users: 


- 
La 








Maximum send message size: 


> 
lal» 


T Limits apply to cache 


| Notify the administrator when threshold limit is exceeded 





I Notify the administrator when size limit is exceeded 


Restore Default Settings 











4 Select User Limits. 
5 Specify in kilobytes the largest message that users can send. 


6 Click OK, then click Close to save the maximum message size setting. 


Between Post Offices 


You can configure the POA to restrict the size of messages that it allows to pass outside the local 


post office. See Section 36.2.8, “Restricting Message Size between Post Offices,” on page 495 for 
setup instructions. 


Between Domains 
You can configure the MTA to restrict the size of messages that it allows to pass outside the local 


domain. See Section 41.2.1, “Restricting Message Size between Domains,” on page 628 for setup 
instructions. 


Between Your GroupWise System and the Internet 


You can configure the Internet Agent to restrict the size of messages that it allows to pass to and 
from your GroupWise system by setting the size limits in a customized class of service. See 
Section 47.1, “Controlling User Access to the Internet,” on page 747 for setup instructions. 


12.3.5 Preventing the Post Office from Running Out of Disk 
Space 


In spite of the best disk space management plans, it is still possible that some unforeseen situation 
could result in a post office running out of disk space. To prevent this occurrence, you can configure 
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the POA to stop processing messages, so that disk space usage in the post office cannot increase 
until the disk space problem is resolved. 


1 In ConsoleOne, double-click a Post Office object, right-click its POA object, then click 
Properties. 

2 Click GroupWise > Agent Settings, then adjust the settings in the Disk Check Interval and Disk 
Check Delay fields as described in Section 36.4.2, “Scheduling Disk Space Management,” on 
page 510. 


3 Click GroupWise > Scheduled Events. 


Properties of POA 


Scheduled events used by this agent: 
IV Default POA Disk Check Event 
IV Default POA Mailbox/Library Maintenance Event 











Page Options... | 





4 Click Create to create a new scheduled event to handle an unacceptably low disk space 
condition. 


KS Create Scheduled Event 





Name: | 





Event Type: [Disk Check 
Trigger 


C Percent Trigger actions at: 





© MB Stop mail processing at: 


Actions 





[7 Default POA Disk Check Actions 





5 Type a unique name for the new scheduled event, then select Disk Check as the event type. 


6 Inthe Trigger Actions At field, specify the amount of free post office disk space at which to 
take preventive measures. 
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7 Click Create to define your own disk check actions, then give the new action a unique name. 


Scheduled Event Action 





Name: [Low Disk Space Actions 





Action: JExpireReduce Messages 


© Reduce only 
© Expire and reduce 
M a 
IV items older than 60 4 days 


F Downloaded items older than 30 =| days 
EPU 
J” items larger than 1000 E KB 


IV Trash older than 60 4 days 
5000 E KB 





[T Reduce mailbox to limited size 
Include 
IV Received items 
IV Sent items 
IV Calendar items 
T Only backed-up items 
T Only retained items 


Databases | Logging | Resuts | Misc | Exclude | Notification 








8 Configure the actions for the POA to take in order to relieve the low disk space condition. 


Use the Results or Notification tab if you want to receive notification about the POA’s response 
to the low disk space condition. 


9 Click OK to return to the Create Scheduled Event dialog box. 


FC] Create Scheduled Event 





Name: Stop Message Processing 











Event Type: Disk Check 


Trigger 


C Percent Trigger actions at: 50 4 MB 
© MB Stop mail processing at: 20 4 MB 





y Actions 





IV Low Disk Space Actions 


[T Default POA Disk Check Actions Create | 


Frs 


OK | Cancel | Help | 








For additional instructions, see Section 36.4.2, “Scheduling Disk Space Management,” on 
page 510. 


10 Select the new set of actions. 


11 In the Stop Mail Processing At field, specify the amount of free post office disk space at which 
you want the POA to stop processing messages. 


12 Click OK to create the new disk space management event and return to the Scheduled Events 
page. 
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Properties of POA 
NDS Rights v | Other | Rights to Files and Folders 


Scheduled events used by this agent: 
[T Default POA Disk Check Event 
[T Default POA Mailbox/Library Maintenance Event 








IV Stop Message Processing 








Page Options... | Cancel | 








13 Select the new disk space management event. 
14 Click OK to close the Scheduled Events page. 
ConsoleOne then notifies the POA to restart so the new disk space management event can be 


put into effect. 


12.3.6 An Alternative to Disk Space Management in the Post 
office 


If you want to place more responsibility for disk space management onto Group Wise client users, 
you can reguire that they run the client in Caching mode, where all messages can be stored on user 
workstations, or other personal locations, rather than in the post office. For an overview of Caching 


mode, see: 
+ “Using Caching Mode” in the Group Wise 7 Windows Client User Guide 
+ “Using Caching Mode” in the GroupWise 7 Cross-Platform Client User Guide 


IMPORTANT: Do not force Caching mode for a post office that supports Outlook* clients along 
with Group Wise clients. 





12.3.7 Forcing Caching Mode 


You can force Caching mode for an entire domain. You can force Caching mode for specific post 
offices. You can even force Caching mode for an individual user if necessary. 


When you initially force caching mode, users’ Caching mailboxes are identical with their Online 
mailboxes. However, as you employ disk space management processes in the post office and reduce 
the size of users’ Online mailboxes, more and more of the users’ mailbox items exist only in their 
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Caching mailboxes. Make sure that users understand their responsibilities to back up their Caching 
mailboxes, as described in: 


+ “Backing Up Your Mailbox” in “Managing Your Mailbox” in the GroupWise 7 Windows Client 
User Guide 


+ “Backing Up Your Mailbox” in “Managing Your Mailbox” in the GroupWise 7 Cross-Platform 
Client User Guide 


To force Caching mode: 


1 In ConsoleOne, browse to and select a Domain, Post Office, or User object. 


2 Click Tools > GroupWise Utilities > Client Options. 


GroupWise Client Options (x) 


Close 

S 3; 
(CT 

Hel 

Environment Send he | 


a g 


Security Date and Time 





3 Click Environment > Client Access. 


Client Login Mode 


IV Allow use of "Remote" mode fon 


IV Allow use of "Caching" mode 


T Force "Caching" mode after: 14 Sheys 


IV By default, show login mode drop-down list on client toolbar 


4 Inthe Client Login Mode box, select Force Use of Caching Mode. 

5 Click OK, then click Close to save the Caching mode setting. 
If you are helping existing users, who might have sizeable mailboxes, to start using Caching mode 
exclusively, you can configure the POA to respond efficiently when multiple users need to 


download their entire mailboxes for the first time. See Section 36.2.7, “Supporting Forced Mailbox 
Caching,” on page 494 for setup instructions. 


12.4 Auditing Mailbox License Usage in the Post 
Office 


You can run an audit report in a post office to see 1) which mailboxes require full client licenses and 
which mailboxes require limited client licenses, and 2) which mailboxes are active (have been 
accessed at least one time), which ones have never been active, and which ones have been inactive 
for a specified period of time. 


A mailbox requires a full client license (and is marked as a full client license mailbox) if it has been 
accessed by any of the following: 


+ The GroupWise Windows client (grpwise.exe) 
+ GroupWise Notify (notify.exe) or GroupWise Address Book (addrbook. exe) 
+ The GroupWise Cross-Platform client (groupwise) 


+ Microsoft Outlook with the GroupWise 7 Connector installed 
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+ The Microsoft Outlook Plug-In for GroupWise 5.5 

+ A third-party plug-in to the GroupWise client API 

+ A mobile device with mailbox synchronization capabilities provided by GroupWise Mobile 
Server (GMS) or Research in Motion* (RIM*) BlackBerry* Enterprise Server* (BES). 


A mailbox requires a limited client license only (and is marked as a limited client license mailbox) if 
access to it has been limited to the following: 

+ The GroupWise WebAccess client 

+ A GroupWise Windows or WebAccess client via the Proxy feature 

+ Any GroupWise client via the Busy Search feature 

+ A POP, IMAP, or SOAP client 

+ A mobile device using WebAccess browser access to the mailbox 

+ A mobile device with mailbox synchronization capabilities provided by NotifyCorp* 

NotifyLink* and other third-party products that use IMAP access to the mailbox 


To generate an audit report for the post office: 


1 In ConsoleOne, browse to and select the Post Office object. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: Action: 


Post Offices = JanalyzeiFix Databases 


T Structure 











Close 


4 Retrieve... 
Contents 

I Collect statistics Save... 
IV Fix problems 





Help 
F Update user disk space totals 


© Object Type 


Databases | Logging | Resuts | Misc | Exclude | 


IV User 











Options file: <detault> 


3 Inthe Action field, select Audit Report. 
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Novell GroupWise Mailbox/Library Maintenance 


(° GroupWise Objects: Action: 


Post Offices zi Audit Report FC] 
Ñ Provol Development 





Close 


Show accounts without activity for previous 
Retrieve... 





a 
60 Jj days 


Save... 





Help 


© Object Type 


9 Databases | Logging | Resutts | Misc | 


e 














Options file: <default> 


4 In the Show Accounts without Activity for nn Days field, select the number of days you want to 
use for the inactivity report. 


Using the default setting (60 days) causes the Mailbox/Library Maintenance program to 
indicate the mailboxes that have not had any activity within the last 60 days. 


5 Ifyou want write the report to a log file, click the Logging tab, then specify a name for the log 
file. 


6 Ifyou want to send the results as an e-mail message to the domain’s GroupWise administrator 
or to another individual, click the Results tab, then select the appropriate options. 


7 Click Run, then click OK to acknowledge that the Mailbox/Library Maintenance task has been 
sent to the POA. 


After the POA has performed the task, the audit report is generated in the format (log file or e- 
mail message) you specified. 


Audit reports are stored as part of the information available on Post Office and Domain objects in 
ConsoleOne. Right-click a Domain or Post Office object, then click Tools > GroupWise Diagnostics 
> Information. The information stored on the Domain object is cumulative for all post office in the 
domain for which audit reports have been run. 


Audit reports can also be scheduled to run on a regular basis by properly configuring the POA to 
perform a Mailbox/Library Maintenance event. See Section 36.4.1, “Scheduling Database 
Maintenance,” on page 507. 


12.5 Tracking and Restricting Client Access to 
the Post Office 


By default, the post office allows multiple versions of the GroupWise Windows and Cross-Platform 
clients to access it. Using the Web console available for the post office’s POA, you can see the 
version number of each GroupWise client that logs in to the post office in client/server access mode 
(TCP/IP to the POA). This information is displayed on the POA Web console’s C/S Users page. For 
more information, see Section 37.2, “Using the POA Web Console,” on page 530. 
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IMPORTANT: Because the POA provides the version tracking and enforces the client lockout, this 
functionality applies only to GroupWise clients that are accessing the post office in client/server 
mode (not direct access mode). 





To help you better monitor and track which versions of the GroupWise client are being used to 
access the post office, you can specify a preferred GroupWise client version for the post office. Any 
version that does not match the preferred version is highlighted on the POA Web console’s C/S 
Users page. Older versions are shown in red, and newer versions are shown in blue. 


In addition, to restrict which versions of the GroupWise client can access the post office, you can 

choose to lock out any GroupWise clients that are older than the preferred version. If you want to 

lock out all Group Wise clients (for example, to rebuild the post office database), see Section 12.7, 
“Disabling a Post Office,” on page 195. 


To specify a preferred Group Wise client version for the post office and to enable the POA to lock 
out specific GroupWise client versions: 


1 In ConsoleOne, right-click the Post Office object, then click Properties. 
2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


Properties of Development 
GroupWise NDS Rights y | Other | Rights to Files and Folders 
[Glent Access Settings | 


Lock Out Older GroupWise Clients 
F Minimum Client Release Version (x.x.x): 











[ Minimum Client Release Date: 





T Disable Logins 
[V Enable Intruder Detection 
Incorrect Logins Allowed: 3 = (3-10) 


To se i 
Incorrect Login Reset Time: 15 3 minutes (15-60) 





Lockout Reset Time: 15 = minutes (15+) 





Page Options... Cancel Apply 





3 Fill in the following fields: 


Minimum Client Release Version: Specify the version to use as the post office’s preferred 
Group Wise client version. Any version that does not match the preferred version is highlighted 
on the POA Web console’s C/S Users page. Older versions are shown in red, and newer 
versions are shown in blue. The version number syntax should match what is displayed in the 
Group Wise client’s About GroupWise dialog box. Only version 5.5 Enhancement Pack SP1 
and newer are supported. 


Minimum Client Release Date: This field is available only if you specify a release version. 
You can use this field to associate an expected release date with the release version. The C/S 
Users page highlights any dates that do not match the one entered here. 


Lock Out Older GroupWise Clients: Select this option for either or both of the above options 
to lock out any Group Wise clients (client/server mode only) that are older than the version and/ 
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or date specified in the Release Version and Release Date fields. For example, if you entered 
6.0.0 in the Release Version field and April 6, 2001 12:00 AM in the Release Date field and 
selected this option for both, any GroupWise client that is older than version 6.0 or is dated 
before April 6, 2001 12:00 AM is not allowed access to the post office. 


4 Click OK to save the changes. 


12.6 Refreshing the Client View Files in the Post 
Office 


The GroupWise Windows client software includes view files that control the appearance of the 
client interface. When you copy the client software to a software distribution directory, the view 
files are included. A copy of the view files is also stored in each post office. 


When you use AutoUpdate to force Windows client software updates, the AutoUpdate process 
makes one attempt to update the view files in the post office based on the latest client software in the 
software distribution directory. If that attempt fails, the problem is recorded in the POA log file and 
you can then manually update the view files in the post office. 


1 In ConsoleOne, select the post office whose view files you want to update, then click Tools > 
GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


C Validate Database 
© Recover Database 
~ Rebuild Database 





Reclaim Unused Space 


for Listing 


Description: 
Refresh the client views from the Software Distribution 
Area the post office is assigned to use. 





2 Select Refresh Views, click Run, click Yes, then click OK. 


The POA then retrieves the latest view files from the software distribution directory associated 
with the selected post office. 


IMPORTANT: If you have created custom view files with the same names as standard view 
files, they will be overwritten when the post office view files are refreshed from the software 
distribution directory. If you have such customized view files, you must back them up and t hen 
restore them so that your customizations are not lost because of the refresh. 





12.7 Disabling a Post Office 


Disabling a post office restricts users from starting the GroupWise Windows or Cross-Platform 
client and accessing the post office. However, users who are already running the GroupWise client 
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can continue to access the post office; after they exit, they cannot access the post office again until 
the post office is enabled. 


A post office must be disabled if you are rebuilding the post office database (wphost.db). You might 
also want to disable a post office when you are doing a complete GroupWise system backup. That 
ensures that all data is consistent at the time of the backup. 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 
2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


Properties of Development 
‘GroupWise NDS Rights + | Other | Rights to Files and Folders 
egies Eene 


Lock Out Older GroupWise Clients 
[T Minimum Client Release Version (x.x.x): 














[ Minimum Client Release Date: 


T Disable Logins 
[V Enable Intruder Detection 
õi 
Incorrect Logins Allowed: 3 4 (3-10) 


[ á] 
Incorrect Login Reset Time: 15 = minutes (15-60) 





Lockout Reset Time: 15 E minutes (15+) 





Page Options... ok | Cancel | Apnly | Her | 





3 Select Disable Logins, then click OK to disable the post office. 
4 To re-enable logins, deselect Disable Logins so that it is blank. 


12.8 Moving a Post Office 


You cannot move a Post Office object in ConsoleOne because it is a container object. Only leaf 
objects can be moved. If you need to change the context, graft the Group Wise post office to its 
corresponding eDirectory object in the new container location. See Section 5.16, “GW / eDirectory 
Association,” on page 77 for more information on grafting objects. 


You can, however, move the post office directory, the post office database (wphost . db), and the 
other databases that reside in the post office by copying the post office directory structure and all its 
contents to the new location. 





IMPORTANT: Follow these instructions if you want to move a post office on a NetWare or 
Windows server to another directory on the same server or to a different NetWare or Windows 
server. If you want to move a post office located on a NetWare or Windows server onto a Linux 
server, see “Manually Migrating a Post Office and Its POA to Linux” in “Update” in the Group Wise 
7 Installation Guide. 





To move a post office directory structure and all its contents: 
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1 Make sure all users are out of the post office, then disable logins to the post office. See 
Section 12.7, “Disabling a Post Office,” on page 195. 


2 Back up the post office. See Chapter 31, “Backing Up GroupWise Databases,” on page 407. 
3 In ConsoleOne, display the Identification page of the post office to move. 


4 Inthe UNC Path field, change the UNC path to the location where you want to move the post 
office, then click OK to save the new location. 


The location change is then propagated up to the domain. 
5 Stop the POA for the post office. 


6 Use xcopy with the /s and /e options to move the post office directory and its contents. These 
options re-create the same directory structure even if directories are empty. 


Example: 


xcopy post office directory /s /e destination 
7 Give rights to objects that need to access the post office database. 


For example, if the new location is on a different server, the NetWare® POA and Group Wise 
administrators who run ConsoleOne need adequate rights to the new location, as described in 
Chapter 75, “GroupWise Administrator Rights,” on page 1139. 


8 Edit the POA startup file by changing the setting of the /home switch, then restart the POA. See 
Section 36.1.6, “Adjusting the POA for a New Post Office Location,” on page 484. 


9 When you are sure the post office is functioning properly, delete the original post office 
directories. 


If you need to move the POA along with its post office, see Section 36.1.5, “Moving the POA to a 
Different Server,” on page 484. 


12.9 Deleting a Post Office 


You cannot delete a post office until you have deleted or moved all objects that belong to it. Keep 
the POA running until after you have deleted the post office, so that it can process the object deletion 
requests. 


1 In ConsoleOne, right-click the Post Office object to delete, then click Properties. 
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Properties of Development K) 
GroupWise + | NDS Rights ~ | Other | Rights to Files and Folders | 
v Identification 

















Post Office Settings marea ~~~ 
Client Access Settings Provo1 Development 
Membership 
Resources 
Dlsirhulep Lise [vuBD-nimisystgwsystemidev (Ei 
Libraries 

English - US < 
Gateway Aliases = 
Internet Addressing |¢om-07:00) Mountain Time (US & Canada) SI 
Security 7 


Default WebAccess 


Configure Non-DOS Name Space Access 








Page Options... OK Cancel Apply Help. 


2 Click GroupWise > Resources, then delete any resources that still belong to the post office. See 
Section 16.5, “Deleting a Resource,” on page 256. 


You must delete resources before users, because users who own resources cannot be deleted 
without assigning a new owner in the same post office. 


3 Click GroupWise > Membership, then delete or move any users that still belong to the post 
office. See Section 14.10, “Removing GroupWise Accounts,” on page 241 and Section 14.4, 
“Moving GroupWise Accounts,” on page 222. 


4 Click GroupWise > Distribution Lists, then delete any distribution lists that still belong to the 
post office. See Section 18.7, “Deleting a Distribution List,” on page 272. 


5 Click GroupWise > Libraries, then delete any libraries that still belong to the post office. See 
Section 22.6.7, “Deleting a Library,” on page 330. 


6 Click OK to perform the deletions. 


It is easy to perform such deletions in the GroupWise View. Select the Post Office object in the 
GroupWise View, then use the drop-down list of objects to display objects of each type that still 
belong to the post office. Delete any residual objects in the Console View. 


7 In ConsoleOne, browse to and right-click the Domain object that owns the post office to delete, 
then click Properties. 


8 Click GroupWise > Post Offices, select the post office to delete, then click Delete. 


9 Stop the POA for the post office, as described in the following sections in the GroupWise 7 
Installation Guide: 


+ “Stopping the NetWare GroupWise Agents” 
+ “Stopping the Linux GroupWise Agents” 
+ “Stopping the Windows GroupWise Agents” 


10 Uninstall the POA software if applicable, as described in the following sections in the 
Group Wise 7 Installation Guide: 


+ “Uninstalling the NetWare GroupWise Agents” 
+ “Uninstalling the Linux GroupWise Agents” 
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+ “Uninstalling the Windows GroupWise Agents” 


12.10 Changing POA Configuration to Meet Post 
Office Needs 


Because the POA delivers messages to mailboxes, responds in real time to client/server users, and 
maintains all databases located in the post office, its functioning affects the post office and all users 
who belong to the post office. Proper POA configuration is essential for a smoothly running 

Group Wise system. Complete details about the POA are provided in Part IX, “Post Office Agent,” 
on page 461. As you create and manage post offices, you should keep in mind the following aspects 
of POA configuration: 


+ 


+ 


Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 498 
Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 501 


Section 36.3.5, “Enabling Intruder Detection,” on page 506 

Section 36.2.3, “Supporting IMAP Clients,” on page 490 

Section 36.2.4, “Supporting SOAP Clients,” on page 491 

Section 36.2.5, “Supporting CAP Clients,” on page 492 

Section 38.1, “Optimizing Client/Server Processing,” on page 547 

Section 36.4.1, “Scheduling Database Maintenance,” on page 507 

Section 36.4.3, “Performing Nightly User Upkeep,” on page 513 

Section 36.2.8, “Restricting Message Size between Post Offices,” on page 495 
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Users 


+ Chapter 13, “Creating GroupWise Accounts,” on page 203 
+ Chapter 14, “Managing GroupWise Accounts and Users,” on page 217 
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Creating GroupWise Accounts 


For users to be able to use GroupWise®, you must give them GroupWise accounts. A GroupWise 
account defines the user in the GroupWise system by providing the user with a GroupWise user ID 
and GroupWise mailbox. 


You can give GroupWise accounts to Novell® eDirectory™ users during or after their creation in 
eDirectory. You can also give GroupWise accounts to users who do not have eDirectory accounts. 
Refer to the following sections for details: 


+ Section 13.1, “Establishing a Default Password for All New GroupWise Accounts,” on 
page 203 

¢ Section 13.2, “Creating GroupWise Accounts for eDirectory Users,” on page 204 

+ Section 13.3, “Creating GroupWise Accounts for Non-eDirectory Users,” on page 214 


+ Section 13.4, “Educating Your New Users,” on page 215 


13.1 Establishing a Default Password for All New 
GroupWise Accounts 


To save time and energy when you are creating new GroupWise accounts, you can establish a 
default password to use for all new accounts. 


1 In ConsoleOne®, click Tools > GroupWise System Operations > System Preferences > Default 
Password. 


GroupWise System Preferences 


Admin Preferences | Routins Ontinns | External Access Rights 
Nickname Settings Admin Lockout Settings 





Default password for new users: | 








| Cancel | Help 








2 Type the password you want to use as the default, then click OK. 
3 Explain to users how to set their own passwords in the GroupWise client, as described in: 
+ “Assigning Passwords to Your Mailbox” in the GroupWise 7 Windows Client User Guide 


+ “Assigning Passwords to Your Mailbox” in the GroupWise 7 Cross-Platform Client User 
Guide 
+ “Changing Your GroupWise Password” in the GroupWise 7 WebAccess Client User Guide 
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13.2 Creating GroupWise Accounts for 
eDirectory Users 


Depending on your needs, you can choose from the following methods to create Group Wise 
accounts for eDirectory users: 


+ Creating a Single GroupWise Account: You can create a GroupWise account for a single 
eDirectory user by editing the GroupWise information on his or her User object. This method 
lets you create the GroupWise account on any post office, select the GroupWise user ID, and 
configure optional GroupWise information. It provides the most flexibility in creating a user’s 
Group Wise account. 


¢ Creating Multiple GroupWise Accounts: You can create GroupWise accounts for multiple 
eDirectory users by editing the membership information on a Post Office object. This method 
allows you to quickly add multiple users to the same post office at one time. However, you 
cannot select the user’s GroupWise user ID; instead, the user’s eDirectory username is 
automatically used as his or her GroupWise user ID. In addition, to configure other optional 
Group Wise information for a user, you need to modify each User object. 


+ Using a Template to Create GroupWise Accounts: You can create a template to apply to new 
eDirectory User objects you create. The template can be configured to automatically assign the 
user to a post office. 


¢ Creating GroupWise Accounts by Importing Users: You can import information from ASCII- 
delimited text files. 


13.2.1 Creating a Single GroupWise Account 


To create a GroupWise account for an eDirectory user: 


1 In ConsoleOne, right-click the User object, then click Properties. 
2 Click GroupWise > Account to display the Account page. 


Properties of zlucas 


General + |G 





Post Office: 





Mailbox ID: zlucas 








Visibility: 





External Sync Override: 





Account ID: 


File ID: 





Expiration Date: 





Gateway Access: 
in 
LDAP Authentication: 








Restore Area: 








Page Options... | Cancel | 





3 Fillinthe following fields: 
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Post Office: Select the post office where you want the user’s mailbox created. 


Mailbox ID: The mailbox ID (also referred to as the GroupWise user ID or username) defaults 
to the eDirectory username. You can change it if necessary. 


Do not use any of the following invalid characters in the mailbox ID: 


ASCII characters 0-13 Comma , 

Asterisk * Double quote “ 

At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon : Period . 


Click Apply to create the account. 


You must create the account by clicking Apply (or OK) before you can modify any of the other 
fields, including the GroupWise password. 


If desired, modify any of the following optional fields: 


Visibility: Select the level at which you want the user to be visible in the Address Book. 
System enables the user to be visible to all users in your GroupWise system. Domain enables 
the user to be visible to all users in the same domain as the user. Post Office enables the user to 
be visible to all users on the same post office as the user. Setting the visibility level to None 
means that no users can see the user in the Address Book. However, even if the user is not 
displayed in the Address Book, other users can send messages to the user by typing the user’s 
ID (mailbox ID) in a message’s To field. 


External Sync Override: This option applies only if your GroupWise system links to and 
synchronizes with an external system, as described in “Connecting to GroupWise 5.x, 6.x, and 
7.x Systems” in the GroupWise 7 Multi-System Administration Guide. 


Select the Synchronize According to Visibility setting if you want the user information to be 
provided to the other system only if the user’s visibility is set to System. 


Select the Synchronize Regardless of Visibility setting if you always want the user information 
provided to the other system regardless of the user’s visibility level. 


Select the Don t Synchronize Regardless of Visibility setting if you never want the user 
information provided to the other system. 


Account ID: This option applies only if you have a GroupWise gateway that supports 
accounting. For more information about gateway accounting, see your GroupWise gateway 
documentation (http://www.novell.com/documentation/gwgateways). 


File ID: This three-letter ID is randomly generated and is non-editable. It is used for various 
internal purposes within the GroupWise system, including ensuring that files associated with 
the user have unique names. 


Expiration Date: If you want the user’s GroupWise account to no longer work after a certain 
date, specify the expiration date. This date applies to the user's Group Wise account only; it is 
independent of the eDirectory account expiration date (User object > Restrictions > Login 
Restrictions). For more information, see Section 14.10.2, “Expiring a GroupWise Account,” on 
page 243. 
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Gateway Access: This option applies only if you have GroupWise gateways that support 
access restrictions. For more information, see your GroupWise gateway documentation (http:// 
www.novell.com/documentation/gwgateways). 


Disable Logins: Select this option to prevent the user from accessing his or her Group Wise 
mailbox. For more information, see Section 14.9, “Disabling and Enabling GroupWise 
Accounts,” on page 240. 


LDAP Authentication: This option applies only if you are using LDAP to authenticate users 
to GroupWise, as described in Section 36.3.4, “Providing LDAP Authentication for Group Wise 
Users,” on page 501, and if the LDAP server is not a Novell LDAP server. If this is the case, 
specify the user’s LDAP authentication ID. 


Restore Area: This field applies only if you are using the GroupWise backup and restore 
features. If so, this field indicates the location where the user’s mailbox is being backed up. For 
details, see Chapter 32, “Restoring GroupWise Databases from Backup,” on page 411. 


Change GroupWise Password: Click this option to assign a password to the user’s 
Group Wise account or change the current password. The user is prompted for this password 
each time he or she logs in to GroupWise. 


To be able to skip this option by setting a default password, see Section 13.1, “Establishing a 
Default Password for All New GroupWise Accounts,” on page 203. 


Delete GroupWise Account: Click this option to delete the user’s GroupWise account. This 
includes the user’s mailbox and all items in the mailbox. The user’s eDirectory account is not 
affected. For more information, see Section 14.10, “Removing GroupWise Accounts,” on 
page 241 


6 Click Apply to save the changes. 


7 Click GroupWise > General > Identification to display the user’s current eDirectory 
information. 


This information appears in the GroupWise Address Book, as described in Chapter 6, 
“Group Wise Address Book,” on page 85. If you keep private information in the Description 
field of the User object, you can prevent this information from appearing the Group Wise 
Address Book. See Section 6.1.5, “Preventing the User Description Field from Displaying in 
the Address Book,” on page 89. 


8 Make sure that the user’s eDirectory information is current, then click OK. 


13.2.2 Creating Multiple GroupWise Accounts 


If you have multiple eDirectory users who will have GroupWise accounts on the same post office, 
you can use the Post Office object’s Membership page to quickly add the users and create their 
accounts. Each user’s GroupWise user ID will be the same as his or her eDirectory username. 


To create GroupWise accounts for multiple eDirectory users: 


1 In ConsoleOne, right-click the Post Office object, then click Properties. 
2 Click GroupWise > Membership to display the Membership page. 
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Page Options... 





3 Click Add, select the eDirectory user you want to add to the post office, then click OK to add 
the user to the post office’s membership list. 


By default, the user’s eDirectory username is used as the GroupWise ID. 


A GroupWise user ID cannot contain any of the following invalid characters: 


ASCII characters 0-13 Comma , 

Asterisk * Double quote “ 

At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon : Period . 


4 Repeat Step 3 to create additional Group Wise accounts in the post office. 
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Properties of Development 


NDS Rights + | Other | Rights to Files and Folders | 











ebPubUser Users Docdev Novell 
jaskoczylas Users Docdey Novell 
gsmith Users Docdev Novell 
jpangilinan Users Docdey Novell 
khuang.Users Docdev Novell 
mbarnard Users Docdev Novell 
mpalu.Users Docdey Novell 
hu.Users Docdev Novell 








Page Options... | Cancel | 








5 When finished, click OK to save the changes. 


13.2.3 Using a Template to Create GroupWise Accounts 


If you frequently create new users, you might want to create Template objects with the necessary 
GroupWise properties. This makes creating a new eDirectory user with GroupWise access a one- 
step process. However, you cannot use a Template object to give GroupWise properties to existing 
eDirectory users. 


The steps to create a template with GroupWise properties include assigning the post office and 
setting up directory rights. Because a user can have membership in only one post office, a different 
template should be created for each existing post office. Further, for each post office, a template can 
be created for different categories of users, such as secretarial, accounting, administrative, human 
resources, development, sales, and manufacturing. 


After one template has been created with eDirectory properties and post office directory rights, you 
can use it to quickly create templates for subsequent post offices. 
+ “Creating a Template” on page 208 


+ “Creating a User Account from a Template” on page 209 


Creating a Template 


1 In ConsoleOne, right-click the Organizational Unit object where you want to create the 
Template object, then click New > Object to display the New Object dialog box. 


Templates should be placed in the same organizational unit where they will be used because the 
browser first lists any templates in the current context. The template also inherits rights from 
the container the template is created in, further simplifying its setup. 


2 Inthe Class list, select Template, then click OK to display the New Template dialog box. 
3 Specify a name that describes the purpose for which the template will be used. 


4 If you want to base the template on another Template or User object, select Use Template or 
User, then browse to and select the desired Template or User object. 
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5 
6 
7 
8 


Select Define Additional Properties. 

Click Create to display the properties pages for the Template object. 
Click GroupWise > Information. 

Fill in the following fields: 

Post Office: Select the post office the user will be assigned to. 


Visibility: Select the level at which the user will be visible in the Address Book. System 
enables the user to be visible to all users in your GroupWise system. Domain enables the user 
to be visible to all users in the same domain as the user. Post Office enables the user to be 
visible to all users on the same post office as the user. Setting the visibility level to None means 
that no users can see the user in the Address Book. However, even if the user is not displayed in 
the Address Book, other users can send messages to the user by typing the user’s ID (mailbox 
ID) in a message’s To field. 


Account ID: This field supports accounting for GroupWise gateways. For more information 
about gateway accounting, see your gateway documentation. 


Expiration Date: Use this to set a date when the user’s account will expire. The user cannot 
access the account after that date. For more information, see Section 14.10.2, “Expiring a 
GroupWise Account,” on page 243. 


Gateway Access: This is used to grant or restrict access to some GroupWise gateways. See 
your GroupWise gateway documentation (http://www.novell.com/documentation/gwgateways) 
to determine if this field applies. 


Modify information on any of the other tabs to configure the template, then click OK to save 
the template changes. 
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a Fk © N 


In ConsoleOne, right-click the container where you want to create a new eDirectory user, then 
click New > User. 


Specify a Name, Surname, and Unique ID (all three are required). 
Select Use Template, then browse to and select the template you want applied to this user. 
Modify any of the other options you want. 


Click OK to create the user’s eDirectory and GroupWise accounts. 


13.2.4 Creating GroupWise Accounts by Importing Users 


You can use the GroupWise Import utility to quickly create multiple Group Wise users. The Import 
utility reads an ASCH -delimited text file created by the GroupWise Export utility or by a third-party 
export, and creates Novell eDirectory and GroupWise objects with attributes from the file. The 
Import utility supports most eDirectory classes (including extensions) and GroupWise classes. You 
can specify the delimiters, eDirectory contexts, and file field positions to use during import. 





IMPORTANT: The Import/Export utility is not included on the GroupWise CDs. You can 
download the Import/Export utility from TID 2960897 in the Novell Support Knowledgebase (http:/ 
/www.novell.com/support). To install the Import/Export utility, follow the instructions provided 
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with the download. After you have installed the Import/Export utility, the Import and Export menu 
items appear under Tools > GroupWise Utilities in ConsoleOne. 





+ “Using the Import Utility” on page 210 
+ “Using the Export Utility” on page 212 





NOTE: The Import/Export utility is not available for use on Linux. 





Using the Import Utility 
In order to import objects into GroupWise, the following conditions must be met: 


+ You must create an ASCII-delimited text file by using the GroupWise Export utility or another 
export utility. 


¢ The destination context for each eDirectory object must already exist. The GroupWise Import 
utility supports creating organizational units. If a large portion of a tree needs to be 
reconstructed to support the objects, you can import organizational units before importing the 
objects. 


To import objects into GroupWise: 


1 In ConsoleOne, select the eDirectory tree to which the objects will be imported, then click 
Tools > GroupWise Utilities > Import to display the GroupWise Import dialog box. 


GroupWise Import 





© NDS/GroupWise Class: 
C GroupWise Class: 


Import File: 
El | 


Attributes: File Fields: 








Delimiters... 





(2) 
£ 





| = Mandatory attribute Configuration: 


Load... 
[ Skip the first line of the import file Save... 


Starting Destination Context: 
[Root] 








2 Ifyou have previously defined and saved a configuration file, click Load to fill in the fields 
from the configuration files, then click Run to perform the import. 


or 
Fill in the fields in the Import Dialog box. 


NDS/GroupWise Class: Select this option to import objects belonging to an eDirectory class 
or to a GroupWise-related eDirectory class. Choose the class from the list. 


GroupWise Class: Select this option to import objects belonging to a GroupWise class not 
represented in eDirectory. Choose external user, external domain, external post office, 
Document-Version, or Lookup Entry from the list 
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Parent: If you are importing objects that belong to a Group Wise-related eDirectory class or a 
Group Wise-only class, the parent attribute is required unless: 


¢ The class is the eDirectory User class, in which case the object can be optionally 
associated with Group Wise by specifying a value here. 


+ The value is in the import file and is explicitly imported by your positioning the NGW: 
Post Office attribute in the File Fields list box, explained below. In this case, if the value 
obtained from the file is blank, the Post Office field value, if any, is used. 


Import File: Specify the full path and file name of the ASCII text file. 


Attributes / File Fields: This list displays the attributes of the selected class. Move the 
attributes to correspond to the fields in the ASCII text file to the File Fields list. 


Some attributes are marked with an exclamation point (!), indicating that a value for that 
attribute must exist for a successful import. The import also requires a value for either the 
object name or distinguished name. 


Starting Destination Context: Specify the destination eDirectory context for the objects to be 
imported. If DN or Context from Root is selected as an import field, the value in this field is 
ignored because both DN and Context from Root specify the destination context. 


An imported object’s position in the tree can be constructed in a flexible manner using the 
Context from Root, Context from Starting, DN, and Object Name class attribute fields and the 
Starting Destination Context field. The following combinations are valid: 


DN Each object's name and context are found in this field value. 

Object Name + Each object name in the Object Name field is added to the context 
Starting Destination specified in Starting Destination Context. 

Context 

Object Name + Each object name in the Object Name field is added to the context 
Context from Starting + obtained by concatenating the value in the Context from Starting field 
Starting Destination and the value specified in Starting Destination Context. 

Context 

Object Name + Each object name in the Object Name field is added to the context read 
Context from Root from the Context from Root field. 


Skip the First Line of the Import File: This directs the import to skip the first line if it 
contains the attribute names. 


Delimiters: Accept the defaults shown or change the delimiters to match those used by the 
export file. For more information, see “Delimiters” on page 212. 


3 For convenience, save the configuration for later use. See “Loading or Saving a Configuration 
File” on page 211. 


4 Click Run to perform the import. 


An import.log file is created in the same directory as the import file and contains a list of the 
imported objects. 


Loading or Saving a Configuration File 


An import or export configuration can be saved and loaded, saving you the trouble of manually 
filling in the fields for multiple imports or exports. A configuration saved from an export can be 
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loaded for an import, helping ensure that the file field positions, for example, correspond for both 
the import and export. 


Delimiters 


Delimiters are used in ASCII text files to separate items that represent fields and records in imported 
or exported data. 


Default delimiters are associated with each delimiter type. A delimiter can be set to None, but if so, 
and the export encounters a condition requiring a delimiter, the export reports an error. 


+ Between Fields: This delimiter is placed between each field. 
+ Around Each Field: Use this delimiter to indicate the beginning and end of each field. 
+ After Each Record: This delimiter is placed at the end of each record. 


+ Between Values (Multi-Value Fields): Use this delimiter to separate the values in a multi- 
valued field. For example, an attribute such as Group Membership can have one or more 
values. Each Group Membership value is delimited by the multi-value field delimiter. 


+ Between Elements (Multi-Element Values): Use this delimiter to separate the elements of a 
multi-element value. For example, an attribute having the syntax of SYN OBJECT. ACL has 
three elements: the protected attribute name, the subject name, and the privileges. 


+ Before Literal Characters: When you import an ASCII file created by a third-party export 
program, precede each literal character that is also a delimiter with the Before Literal 
Characters delimiter. If you use the Around Each Field delimiter, you do not need to precede 
literal characters within the field with the Before Literal Character delimiter. 


Using the Export Utility 


The GroupWise Export utility reads eDirectory and Group Wise object information from Group Wise 
databases and creates an ASCII-delimited text file containing the object attributes. The Export utility 
supports most eDirectory classes (including extensions) and GroupWise classes. You can specify the 
delimiters, eDirectory contexts, and file field positions during export. 





IMPORTANT: The Export utility is not included on the GroupWise CDs. You can download the 
Import/Export utility from TID 2960897 in the Novell Support Knowledgebase (http:// 
www.novell.com/support). To install the Import/Export utility, follow the instructions provided with 
the download. The Import/Export utility is not available for use on Linux. 





To export objects from GroupWise: 


1 In ConsoleOne, select the eDirectory tree that contains the GroupWise objects you want to 
export, click Tools > GroupWise Utilities > Export to display the GroupWise Export dialog box. 
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GroupWise Export 
(° NDS/GroupWise Class: m 
C Groupwise Class: 


Export File: 


Attributes: File Fields: 











Delimiters... 





2) 
[£ 





| = Mandatory attribute Starting Context: Configuration: 


Po El 
[7 Export from subordinate contexts Load... 
[T Put attribute names in first line SATA 


[ Create file in WordPerfect format 








2 If you have previously defined and saved a configuration, click Load to fill in the fields from 
the configuration file, then click Run to perform the export. 


or 
Fill in the fields in the Export dialog box. 


NDS/GroupWise Class: Select this option to export objects belonging to an eDirectory class 
or to a GroupWise-related eDirectory class. Choose the class from the list. 


GroupWise Class: Select this option to export objects belonging to a GroupWise class not 
represented in eDirectory. Choose external user, external domain, external post office, 
Document-Version, or Lookup Entry from the list. 


Parent: If you are exporting objects that belong to a Group Wise-related eDirectory class or a 
Group Wise-only class, and that class has a parent attribute, post office, or domain, this field 
allows you to export objects having only the parent attribute value you specify. The object 
selection process is still subject to the values in Starting Context, explained below, and the 
Export from Subordinate Contexts check box. 


Export File: Specify the full path and file name of the ASCII text file. 


Attributes / File Fields: This list displays the attributes of the selected class. Move the 
attributes to correspond to the fields in the ASCII text file to the File Fields list. 


Some attributes are marked with an exclamation point (!), indicating that a value for that 
attribute must exist. 


Starting Context: Specify the eDirectory context from which to begin the export. If the Export 
from Subordinate Contexts list box is selected, objects belonging to contexts subordinate to the 
context specified here is also exported. 


Export from Subordinate Contexts: Select this option to cause objects in subordinate 
contexts to be exported. If this box is left deselected, only those objects in the immediate 
Starting Context context are exported. 


Put Attribute Names in First Line: Select this option to direct the export to put the attribute 
names as a comment in the first line of the export file. 


Create the File in WordPerfect Office Notebook Format: If you use this option, you might 
also want to select Put Attribute Names in First Line to permit WordPerfect* to display the 
attribute names for each merge field. 
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Delimiters: Accept the defaults shown or change the delimiters. For more information, see 
“Delimiters” on page 212. 


3 Click Run to perform the export. 


13.3 Creating GroupWise Accounts for Non- 
eDirectory Users 


If you have users who do not have eDirectory accounts, you can still assign them GroupWise 
accounts by defining them as GroupWise external entities in eDirectory. Defining a user as a 
Group Wise external entity provides the user with access to GroupWise only; it does not enable the 
user to log in to eDirectory. External entities have eDirectory objects, but they are not considered 
eDirectory users for licensing purposes. 


To create a GroupWise account for a non-eDirectory user: 


1 In ConsoleOne, right-click the eDirectory container where you want to create the user’s 
GroupWise External Entity object, then click New > Object to display the New Object dialog 
box. 


2 Select GroupWise External Entity, then click OK to display the Create GroupWise External 
Entity dialog box. 


Create GroupWise External Entity 


GroupWise Object ID: 





Last Name: 





Groupise Post Office: 





External Network ID: 








[ Define additional properties 





[ Create another External Entity 





3 Fill in the following fields: 


GroupWise Object ID: Specify the user's Group Wise ID. The user's ID along with the user's 
post office and domain, provide the user with a unique name within the GroupWise system 
(userID.po.domain). 


Do not use any of the following invalid characters in the GroupWise object ID: 


ASCII characters 0-13 Comma , 

Asterisk * Double quote “ 

At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon : Period . 


Last Name: Specify the user’s last name. 
GroupWise Post Office: Select the post office where you want the user’s mailbox. 
External Network ID: Specify the user’s network ID for the network that he or she logs in to. 
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4 Select Define Additional Properties, then click OK to display the Group Wise Identification 
page. 


Properties of JMallory 


eneral v | Restrictions v | Memberships + | Security Equal To Me | Login Script | NDS Rights v |! 





Network ID: JMallory@HotMail.com 





Description: 





Given Name: 





Last Name: Mallory 





Title: 





Department: 





Phone: 








Fax: 





Page Options... 





5 If desired, fill in any of the fields on the Identification page. 


This information appears in the GroupWise Address Book, as described in Section 6.1, 
“Customizing Address Book Fields,” on page 85. If you want to keep private information in the 
Description field, you can prevent this information from appearing the GroupWise Address 
Book. See Section 6.1.5, “Preventing the User Description Field from Displaying in the 
Address Book,” on page 89. 


6 Ifyou want the external entity user to be able to access his or her GroupWise mailbox using 
LDAP authentication, as described in Section 36.3.4, “Providing LDAP Authentication for 
GroupWise Users,” on page 501, click GroupWise > Account, then provide the fully 
distinguished name of the user’s External Entity object in LDAP format (for example, 
cn=user id, ou=orgunit,o=organization). 


7 Click OK to save the information. 


The user is given a GroupWise mailbox in the post office you selected and can access his or her 
mailbox through the GroupWise client. 


Because the external entity does not have an associated eDirectory User object, external entity users 
must access their mailboxes using GroupWise passwords. They cannot use eDirectory 
authentication or LDAP authentication to obtain mailbox access. For more information, see 
Section 70.1, “Mailbox Passwords,” on page 1115. 


13.4 Educating Your New Users 


After users can log in to their Group Wise accounts, all of the Group Wise client’s features are at their 
fingertips, but some new users do not know how to get started. You can give your users the 
following suggestions to encourage them to explore their GroupWise client: 


+ Click Help > Help Topics > Contents > How Do I to learn to perform common GroupWise 
tasks 


+ Click Help > Whats New to learn about the latest new GroupWise features 
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+ Click Help > User Guide to view the GroupWise 7 Windows Client User Guide in HTML 
format 


+ Refer to the GroupWise 7 Client Frequently Asked Questions (FAQ) as needed 


For convenience in printing, the GroupWise 7 Windows Client User Guide is available in PDF 
format at the GroupWise 7 Documentation Web site (http://www.novell.com/documentation/gw7). 
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Managing GroupWise Accounts 
and Users 


As your Group Wise? system grows, you will need to add users and manage their Group Wise 
accounts. 

+ Section 14.1, “Adding a User to a Distribution List,” on page 217 

+ Section 14.2, “Allowing Users to Modify Distribution Lists,” on page 218 

+ Section 14.3, “Adding a Global Signature to Users’ Messages,” on page 219 

+ Section 14.4, “Moving GroupWise Accounts,” on page 222 

+ Section 14.5, “Renaming Users and Their GroupWise Accounts,” on page 231 

+ Section 14.6, “Managing Mailbox Passwords,” on page 231 

+ Section 14.7, “Managing E-Mail Addresses,” on page 235 

+ Section 14.8, “Checking GroupWise Account Usage,” on page 240 

+ Section 14.9, “Disabling and Enabling GroupWise Accounts,” on page 240 

+ Section 14.10, “Removing GroupWise Accounts,” on page 241 
See also Section 26, “Maintaining Domain and Post Office Databases,” on page 377, Chapter 27, 
“Maintaining User/Resource and Message Databases,” on page 385, and Section 31, “Backing Up 
Group Wise Databases,” on page 407. Proper database maintenance and backups allow recovery 


from accidental deletions, as described in Section 32.5, “Restoring Deleted Mailbox Items,” on 
page 413 and Section 32.6, “Recovering Deleted GroupWise Accounts,” on page 416. 


14.1 Adding a User to a Distribution List 


Group Wise distribution lists are sets of users and resources that can be addressed as a single entity. 
When a GroupWise user addresses an item (message, appointment, task, or note) to a distribution 
list, each user or resource that is a member receives a copy of the item. 


To add a user to a distribution list: 


1 InConsoleOne®, right-click the User object, then click Properties. 
2 Click GroupWise > Distribution Lists to display the Distribution Lists page. 
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Properties of jdesoto 


General v |] oupWise i| Restrictions v | Memberships v | Security Equal To Me | Login Script | NDS Rights ~ i 








Membership [ Participation 











Page Options... 


Properties of jdesoto 


General v | GroupWise v | Restrictions X | Memberships v | Security Equal To Me | Login Script | NDS Rights v i 
| Distribution Lists | 











Membership Participation 
Programmers@Provo1 Development 








Page Options... OK | Cancel | Apply | Help. | 








By default, the user is added as a primary recipient (To: recipient). 


4 If you want to change the resource’s recipient type, select the distribution list, click 
Participation, then click To, CC, or BC. 


5 Click OK to save your changes. 


14.2 Allowing Users to Modify Distribution Lists 


Because distribution lists are created in ConsoleOne, users by default cannot modify them. 
However, in ConsoleOne, you can grant rights to selected users to modify specific distribution lists. 
For setup instructions, see Section 18.6, “Enabling Users to Modify a Distribution List,” on 


page 270. 
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14.3 Adding a Global Signature to Users’ 
Messages 


You can build a list of globally available signatures to be automatically appended to messages sent 
by GroupWise client users. Global signatures are created in HTML format. For users who prefer the 
Plain Text compose view in the Group Wise client, a plain text version of the signature is appended 
instead of the HTML version. When this occurs, HTML formatting and embedded images are lost, 
but you can customize the plain text version as needed to compensate for the loss of HTML 
formatting. 


For Windows client users, the global signature is appended by the client to messages after any 
personal signatures that users create for themselves. It is appended after the user clicks Send. If S/ 
MIME encryption is enabled, the global signature is encrypted along with the rest of the message. 
Windows client users can choose whether global signatures are appended only for recipients outside 
the local GroupWise system or for all recipients, local as well as external. For Windows client users, 
you can assign a global signature based on users, resources, post offices, and domains. 


For all client users, the Internet Agent can append global signatures to the end of messages for 
recipients outside the local GroupWise system. However, the Internet Agent does not append global 
signatures to S/MIME-encoded messages, nor does it duplicate global signatures already appended 
by the Windows client. You can assign a default global signature for all users in your system and 
then override that default by editing the properties of each Internet Agent object 

+ Section 14.3.1, “Creating Global Signatures,” on page 219 


+ Section 14.3.2, “Selecting a Default Global Signature for All Outgoing Messages,” on 
page 220 


+ Section 14.3.3, “Assigning Global Signatures to Internet Agents,” on page 221 
+ Section 14.3.4, “Assigning Global Signatures to Windows Client Users,” on page 221 
+ Section 14.3.5, “Excluding Global Signatures,” on page 222 


For information about users’ personal signatures, see: 


+ “Adding a Signature or vCard to Items You Send” in “Working with Items in Your Mailbox” in 
the GroupWise 7 Windows Client User Guide 


+ “Adding a Signature or vCard to Items You Send” in “Working with Items in Your Mailbox” in 
the GroupWise 7 Cross-Platform Client User Guide 


+ “Adding A Signature to Items You Send” in “Working with Items in Your Mailbox” in the 
GroupWise 7 WebAccess Client User Guide 


14.3.1 Creating Global Signatures 


1 Click Tools > GroupWise System Operations > Global Signatures. 
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Global Signatures 


Global Signatures: 




















Monospaced 








Plain Text 








[ox | cancer Help 


3 Specify a descriptive name for the signature. 


4 Compose the signature using the using the basic HTML editing tools provided, then click OK 
to add the new signature to the list in the Global Signatures dialog box. 


5 If you want to check or edit the text version of the signature that was automatically generated: 
Sa Select the new signature, then click Edit. 
5b Modify the text version of the signature as needed, then click OK. 

6 Click OK in the Global Signatures list dialog box to save the list. 

7 Continue with Assigning Global Signatures to Windows Client Users. 


14.3.2 Selecting a Default Global Signature for All Outgoing 
Messages 


If you want the Internet Agent to append a global signature to all outgoing messages: 


1 Click Tools > GroupWise System Operations > Global Signatures. 
2 Click Settings. 
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Global Signature Settings 


Select a default Global Signature to insert in 
outbound messages: 


Cancel 
<None> ed — 


Help 











3 In the drop-down list, select the default global signature, then click OK. 


14.3.3 Assigning Global Signatures to Internet Agents 


If your organization needs more than one global signature on outgoing messages, you can assign 
different global signatures to Internet Agents as needed. 


1 Browse to and right-click an Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Message Formatting. 


Inbound Settings: 


Number of inbound conversion threads: 


Outbound Settings 
Number of outbound conversion threads: 
Default message encoding: 
© Basic RFC-822 
Fr 
© MME 
Message text line wrapping: 
[V Enable quoted printable text line wrapping 
Line wrap length for message text on outbound mail: 72 | 
I Enable flat-forwarding 


Default Global Signature to insert in outbound messages: 


Defined at:Corporate Mail 
[ Override 





I” Apply Global Signature to relay messages 


I Disable mapping x-priority fields 


Page Options... OK | Cancel | Apply | Help | 








3 Under Default Global Signature to Insert in Outbound Messages, select Override, then select 
the global signature that you want this Internet Agent to append to messages. 


4 Click OK to save the setting. 


14.3.4 Assigning Global Signatures to Windows Client Users 


For Windows client users, you can assign different global signatures to different sets of users. 


1 Browse to and select the domain, post office, or users to which you want to assign a global 
signature. 


2 Click Tools > GroupWise Utilities > Client Options. 
3 Double-click Send, then click Global Signature. 
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Send Options: Development 
Send Options | Mail | Appt | Task | Note | Security | Disk Space Mgmt | 


Global Signature 








Jenone> 


e 


Ce 


Restore Default Settings 











[ x | Cancel Help 


4 Inthe Global Signature drop-down list, select the global signature that you want to use. 


By default, the selected signature is applied only to messages that are being sent outside your 
Group Wise system. 


5 Select Apply Signature to All Messages if you want to also use global signatures internally. 
6 Click OK to save the settings. 


14.3.5 Excluding Global Signatures 


You might have a domain, post office, or set of users where you do not want the global signature to 
be added to messages. You can suppress global signatures at the domain, post office, or user level. 


1 Browse to and select the domain, post office, or users for which you want to suppress a global 
signature. 

2 Click Tools > GroupWise Utilities > Client Options. 

3 Double-click Send, then click Global Signature. 

4 In the Global Signature drop-down list, select <None>, then click OK. 


14.4 Moving GroupWise Accounts 


Expansion or consolidation of your Group Wise system can make it necessary for you to move 
Group Wise accounts from one post office to another. 


When you move a GroupWise account, the user’s mailbox is physically moved from one post office 
directory to another. The user’s Novell® eDirectory™ object, including the GroupWise account 
information, remains in the same eDirectory container. 


The following sections provide information you should know before performing a move and 
instructions to help you perform the move. 


+ Section 14.4.1, “Live Move vs. File Transfer Move,” on page 223 


222 GroupWise 7 Administration Guide 


Section 14.4.2, “Moves Between Group Wise 6.x or Later Post Offices,” on page 223 


Section 14.4.3, “Moves Between Group Wise 6.x or Later and Group Wise 5.x Post Offices,” on 
page 223 


Section 14.4.4, “Preparing for a User Move,” on page 224 


Section 14.4.5, “Moving a GroupWise Account to Another Post Office in the Same eDirectory 
Tree,” on page 225 


Section 14.4.6, “Moving a GroupWise Account to Another Post Office in a Different 
eDirectory Tree,” on page 226 


Section 14.4.7, “Monitoring User Move Status,” on page 228 


14.4.1 Live Move vs. File Transfer Move 


Group Wise 6.x and later support two types of moves: a live move and a file transfer move. 


A live move uses a TCP/IP connection between Post Office Agents (POAs) to move a user from one 
post office to another. In general, a live move is significantly faster (approximately 5 to 10 times) 
than a file transfer move. However, it does require that both POAs are version 6.x or later and that 
TCP/IP is functioning efficiently between the two POAs. A file transfer move uses the transfer of 
message files (using POAs and MTAs) rather than a TCP/IP connection between POAs. A file 
transfer move is required if you are moving a user to a post office that is not using a GroupWise 6.x 
or later POA or if you are moving a user across a WAN link where TCP/IP might not be efficient. 


By default, when you initiate a move from a GroupWise 6.x or later post office, the post office’s 
POA attempts to establish a live move session with the destination post office’s POA. If it cannot, a 
file transfer move is used instead. 


If desired, you can disable the live move capability on a GroupWise 6.x or later post office (Post 
Office object > GroupWise > Identification). Any moves to or from the post office would be done by 
file transfer. 


14.4.2 Moves Between GroupWise 6.x or Later Post Offices 


When you move a user’s account from one GroupWise 6.x or later post office to another, all items 
are moved correctly and all associations (proxy rights, shared folder access, and so forth) are 
resolved so that the move is transparent to the user. Occasionally, some client options the user has 
set (GroupWise client > Tools > Options) might be lost and must be re-created for the new mailbox. 


14.4.3 Moves Between GroupWise 6.x or Later and GroupWise 
5.x Post Offices 


Moves that include a GroupWise 5.x post office are performed at the level supported by the 5.x post 
office. This means that users might experience the following: 


+ 


+ 


+ 


Rules need to be re-created. 
Folders do not appear in the same order as in the original mailbox. 


The Address Book contains more than one of the same type of address book (for example, 
Freguent Contacts). 


Folders and personal address books shared with others are no longer shared. They must be 
shared again. 
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Shared folders and personal address books received from others are no longer available. They 
must be shared again. 


Proxy rights to other mailboxes are lost. The rights must be reestablished. 
Folders’ sort order and column settings are lost. They must be reset. 
Query folders no longer work. The query must be performed again. 


Replies (from other users) to items sent by the moved user before the user moved are 
undeliverable. 


Messages sent to the moved user from Remote client users are undeliverable until the Remote 
client users download the Address Book again. 


14.4.4 Preparing for a User Move 


Consider the following before moving a user’s GroupWise account: 


+ 


Make sure the POAs for the user’s current post office and destination post office are running. 
See Chapter 37, “Monitoring the POA,” on page 515. 


Configure both POAs for verbose logging, in case troubleshooting is required during the user 
move process. See Section 37.3, “Using POA Log Files,” on page 538. 


If you are performing the user move during off hours, optimize both POAs for the user move 
process. On the Agent Settings property page of the POA object in ConsoleOne, set Max 
Thread Usage for Priming and Moves to 80%. Set TCP Handler Threads to 40. If you must 
move multiple users during regular work hours, you can set up additional POA instances 
customized for the user move process, as described in Section 38.2.2, “Configuring a 
Dedicated Message File Processing POA,” on page 553. This would prevent the user move 
process from impacting users’ regular activities in their mailboxes. 


Make sure the Message Transfer Agent (MTA) for the user’s current domain and destination 
domain (if different) are running. See Chapter 42, “Monitoring the MTA,” on page 645. 


Make sure that all links between POAs and MTAs are all open. See Section 10.2, “Using the 
Link Configuration Tool,” on page 143, Section 61.3.1, “Link Trace Report,” on page 1002, 
and Section 61.3.2, “Link Configuration Report,” on page 1003 


Make sure that all domain databases along the route for the user move are valid. See 
Section 26.1, “Validating Domain or Post Office Databases,” on page 377. 


Make sure that the mailbox to move is valid. See Section 27.1, “Analyzing and Fixing User and 
Message Databases,” on page 385. Select the Structure, Index, and Contents options in 
GroupWise Check (GWCheck) or in Mailbox/Library Maintenance in ConsoleOne. 


Enable automatic creation of nicknames for moved users, so that replies and forwarded 
messages can be delivered successfully after the user has been moved. See Section 4.2.4, 
“Nickname Settings,” on page 57. 


A user who owns a resource cannot be moved. If the user owns a resource, reassign ownership 
of the resource to another user who is on the same post office as the resource. You can do this 
beforehand, as described in Section 16.1, “Changing a Resource’s Owner,” on page 253, or 
when initiating the user move. 


(Optional) To reduce the number of mailbox items that must be moved, consider asking the 
user to clean up his or her mailbox by deleting or archiving items. 


(Optional) Have the user exit the GroupWise client and GroupWise Notify before you initiate 
the move. When the move is initiated, the user’s POA first creates an inventory list of all 
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information in the user’s mailbox. This inventory list is sent to the new post office’s POA so 
that it can verify when all items have been received. If the user has not exited when the move 
begins, the user is automatically logged out so that the inventory list can be built. However, 
after the move has been initiated, the user can log in to his or her new mailbox even if the move 
is not complete. 


14.4.5 Moving a GroupWise Account to Another Post Office in 
the Same eDirectory Tree 


The following steps apply only if the user’s current post office and destination post office are located 
in the same eDirectory tree. If not, see Section 14.4.6, “Moving a GroupWise Account to Another 
Post Office in a Different eDirectory Tree,” on page 226. 


To move a user's GroupWise account to a different post office in the same eDirectory tree: 
1 In ConsoleOne, connect to the domain that owns the destination post office where you are 
moving the user. 


2 Inthe GroupWise View, right-click the User object or GroupWise External Entity, then click 
Move to display the GroupWise Move dialog box. 


If you want to move multiple users from the same post office to another post office, select all 
the User objects, right-click the selected objects, then click Move. 


GroupWise Move cbolton 


Move to post office: 





Cancel Help 





3 Select the post office to which you want to move the user’s account, then click OK. 


If the user owns a resource, the following dialog box appears. 


Choose New Owner 


Provo1.Developmentjpangilinan. The user owns resources. 
Please choose another user to be the owner for these resources. 


Owner: | 8] 








| Cancel | Help | 





4 Select a new owner for the resource, then click OK. 


5 Keep track ofthe user move process using the User Move utility. See Section 14.4.7, 
“Monitoring User Move Status,” on page 228 


Resolving Addressing Issues Caused By Moving an Account 


The user's new address information is immediately replicated to each post office throughout your 
system so that the Group Wise Address Book contains the user's updated address. Any user who 
selects the moved user from the Group Wise Address Book can successfully send messages to the 
user. 


However, some users might have the user’s old address (Group Wise user ID) in their Frequent 
Contacts Address Book. In this case, if the sender types the moved user’s name in the To field rather 
than selecting it from the Address Book, GroupWise uses the old address stored in the Frequent 
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Contacts Address Book instead of the new address in the GroupWise Address Book. This results in 
the message being undeliverable. The POA automatically resolves this issue when it performs its 
nightly user upkeep (see Section 36.4.3, “Performing Nightly User Upkeep,” on page 513). During 
the nightly user upkeep process, the POA ensures that all addresses in a user’s Frequent Contacts 
Address Book are valid addresses in the GroupWise Address Book. 


If you want to ensure that messages sent to the user’s old address are delivered even before the POA 
cleans up the Frequent Contacts Address Book, you can create a nickname using the old GroupWise 
user ID. For information about creating a nickname, see Section 14.7.4, “Creating a Nickname for a 
User,” on page 239. To have a nickname created automatically when the user is moved, see 

Section 4.2, “System Preferences,” on page 53. 


14.4.6 Moving a GroupWise Account to Another Post Office in 
a Different eDirectory Tree 


A GroupWise system can span multiple eDirectory trees, provided that all components for a single 
domain (post offices, users, resources, and so forth) are all in the same eDirectory tree. For example, 
a user cannot be located in one tree and his or her post office in another. 


If necessary, you can move a user’s account from a post office in one eDirectory tree to a post office 
in another eDirectory tree as long as the post offices are in the same GroupWise system. This 
requires the user to have a User object (or GroupWise External Entity object) in the eDirectory tree 
to which his or her GroupWise account is being moved. 


To move a user’s GroupWise account to a post office in a different eDirectory tree: 
1 Make sure the user has a User object or GroupWise External Entity object in the eDirectory tree 
to which his or her GroupWise account is being moved. 


2 In ConsoleOne, right-click the User object or GroupWise External Entity object (in the 
GroupWise View) > click Move to display the GroupWise Move dialog box. 


If you want to move multiple users from the same post office to another post office, select all 
the User objects, right-click the selected objects > click Move. 


GroupWise Move cbolton 


Move to post office: 





Cancel Help 





3 Select the post office to which you want to move the user’s account, then click OK. 


If the user owns a resource, the following dialog box appears. 


Choose New Owner 


Provo1.Developmentjpangilinan. The user owns resources. 
Please choose another user to be the owner for these resources. 


Owner: | 8) 








| Cancel | Help | 





4 Select a new owner for the resource, then click OK. 
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5 Keep track of the user move process by using the User Move utility to determine when the user 
has been successfully moved. See Section 14.4.7, “Monitoring User Move Status,” on 
page 228. 


6 In the destination eDirectory tree, right-click the User object or GroupWise External Entity 
object where the GroupWise account will be assigned. This is the object referred to in Step 1. 


7 Click GroupWise > Account to display the Account page. 


Properties of cbolton 


General v 


Post Office: 





Mailbox ID: 





Visibility: 





External Sync Override: 








Account ID: 


File ID: 





Expiration Date: 





Gateway Access: 
jz 
LDAP Authentication: 








Restore Area: 





Page Options... | Cancel | 








8 In the Post Office field, select the post office that the user’s GroupWise account was moved to. 


9 Inthe Mailbox ID field, make sure that the mailbox ID is the same as the user’s mailbox ID 
(Group Wise user ID) on his or her original post office. 


10 Click OK. 


A dialog box appears asking if you want to match the GroupWise account to this eDirectory 
user. 


11 Click Yes. 


Resolving Addressing Issues Caused By Moving an Account 


The user’s new address information is immediately replicated to each post office throughout your 
system so that the GroupWise Address Book contains the user’s updated address. Any user who 
selects the moved user from the GroupWise Address Book can successfully send messages to the 
user. 


However, some users might have the moved user’s old address (GroupWise user ID) in their 
Frequent Contacts Address Book. In this case, if the sender types the moved user’s name in the To 
field instead of selecting it from the Address Book, GroupWise uses the old address stored in the 
Frequent Contacts Address Book instead of the new address in the GroupWise Address Book. This 
results in the message being undeliverable. The POA automatically resolves this issue when it 
performs its nightly user upkeep (see Section 36.4.3, “Performing Nightly User Upkeep,” on 

page 513). During the nightly user upkeep process, the POA ensures that all addresses in a user’s 
Frequent Contacts Address Book are valid addresses in the GroupWise Address Book. 
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If you want to ensure that messages sent to the user’s old address are delivered even before the POA 
cleans up the Frequent Contacts Address Book, you can create a nickname using the old GroupWise 
user ID. For information about creating a nickname, see Section 14.7.4, “Creating a Nickname for a 
User,” on page 239. To have a nickname created automatically when the user is moved, see 

Section 4.2, “System Preferences,” on page 53. 


14.4.7 Monitoring User Move Status 


The User Move Status utility helps you track progress as you move users and resources from one 
post office to another. It displays the user moves associated with the object you selected before 
displaying the User Move Status dialog box. For example, if you selected a Domain object, all user 
moves for the selected domain are displayed, but not user moves for other domains. 


While a GroupWise user account is being moved, the POA in the source post office and the POA in 
the destination post office communicate back and forth. You can track the move process progresses 
through various steps and statuses: 


1 In ConsoleOne, select a Post Office or Domain object. 


All moves occurring within the selected location will be listed. 


2 Click Tools > Group Wise Utilities > User Move Status. 


User Move Status 


Filter: 








—_— | | | i= 
Domain Post Office Object ID Last Move Status Error 


Provo1 Development cbolton Move reguest sent 


Refresh 


Cancel 





Help 





At the beginning ofthe move process, most buttons are dim, because it would not be safe for 
you to perform those actions at that point in the move process. When those actions are safe, the 
buttons become active. 


User Move Status 


Domain Post Office Object ID Last Move Status Error > 
Completed retrieving items Retry Restart... 


Force Complete... 


Filter: 








Clear Status 


Refresh 
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3 To restrict the number of users and resources in the list, type distinguishing information in any 
of the Filter fields, then press Enter to filter the list. 


4 During the move, click Refresh to update the status information. 





IMPORTANT: The list does not refresh automatically. 





During the move, you might observe some of the following statuses: 


+ 


Destination post office updated: The destination POA has updated the destination post 
office database with the user's account information. At this point, the user account exists 
in the new location and appears in the Address Book with the new location information. 


Source post office updated: The source POA has updated the user in the source post 
office database to show the new destination post office. Atthis point, the user can no 
longer access the mailbox at the old location. 


Moving mailbox information: The POAs have finished exchanging administrative 
information and are ready to move items from the old mailbox to the new mailbox. 


Sending mailbox inventory list: The source POA sends the destination POA a list of all 
the mailbox items that it should expect to receive. 


Send item request: The destination POA starts requesting items from the source POA 
and the source POA responds to the requests 


Retry mailbox item retrieval: The destination POA was unable to retrieve an item and is 
retrying. The POA continues to retry every 12 hours for 7 days, then considers the move 
complete. To complete the move without waiting, click Force Complete. Typically, items 
that cannot be moved were not accessible to the user in the first place, so nothing is missed 
in the destination mailbox. 


Completed retrieving items: The destination POA has received all of the items on its 
mailbox inventory list. 


Move completed: After all of the user’s mailbox items have arrived in the destination 
post office, the user’s original account in the source post office is deleted and the user 
move is finished. 


User Move Status 











Domain Post Office Object ID | Last Move Status 








Provot Development cbolton Move completed 





Clear All Complete 


Refresh 


Cancel 





Help 


The User Move Status utility cannot gather status information for destination post offices that 
are running POAs older than GroupWise 6.5. Status information for users moving to older post 
offices displays as Unavailable. 


5 If something disrupts the user move process, select the problem user or resource, then click 
Retry/Restart. 
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Retry/Restart on User Move 


© Stop deferred retries 


© Restart the entire mailbox move 


Cancel Help 





6 Select the option appropriate to the problem you are having, then click OK. 


Retry the Last Step of the Mailbox Move: Select this option to retry whatever step the user 
move process has stopped on. This is equivalent to performing one of the POA’s automatic 
retries manually and immediately. Ideally, the step completes successfully on the retry and 
processing continues normally. 


Skip Retry on the Current Mailbox Item: Select this option to skip a particular mailbox item 
that cannot be successfully moved. The need for this action can usually be avoided by running 
Mailbox/Library Maintenance on the mailbox before moving the user account. Ideally, the user 
move processing should continue normally after skipping the problem item. 


Stop Deferred Retries: Select this option to stop the POA from retrying to send items that 
have not been successfully received. This completes the user move process even though some 
individual items have not been moved successfully. 


Restart the Entire Mailbox Move: Select this option if something major disrupts the user 
move process and you want to start over from the beginning. Because nothing is deleted from 
the source mailbox until everything has been received in the destination mailbox, you can 
safely restart a move at any time for any reason. 


After you have moved a user in ConsoleOne, you can display detailed information about items 
belonging to that account that have not yet been moved to the destination post office, perhaps 
because problems were encountered when trying to move them. This information can help 
determine the importance of moving residual items that are still pending after all other items 
have been successfully moved. 


7 Assess the importance of items that are still pending. 
Ta Select an account for which the move has not completed, then click Pending Items. 


You can determine the record type (item, folder, Address Book contact, and so on), the 
item type (mail, appointment, task, and so on), how old the item is, the sender of the item, 
and the Subject line of the item. Not all columns in the Pending Items dialog box apply to 
all record types and item types, so some columns might be empty. 


7b Click Request to request pending items. 
Pending items are retrieved in groups of 25. 
7c Click Yes to request the first group of pending items, then click OK. 


You might need to wait for a while before the pending item lists displays because the 
request goes out through the destination domain to the source domain to the source post 
office, where the source POA sends the requested information back to the destination 
domain. Do not click Request again before the list appears or you receive the same list 
twice. 


When the pending items appear, you can select an item, then click /nfo to display detailed 
information about the item. You can also click Refresh to reread the domain database to 
determine if additional items have been moved. 
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7d If you and the user whose mailbox is being moved decide that the pending items are 
expendable, click Force Complete to finish the move process. 


14.5 Renaming Users and Their GroupWise 
Accounts 


When you rename a user, the user’s GroupWise user ID (mailbox ID) changes but the user remains 
in the same post office. All of the user’s associations remain unchanged. For example, the user 
retains ownership of any resources and documents while other users who had proxy rights to the 
user’s mailbox retain proxy right. 


1 Make sure the user has exited the GroupWise client and Group Wise Notify. 
2 Make sure the domain’s MTA and post office’s POA are running. 
3 Inthe GroupWise View, right-click the User object, then click Rename to display the 


GroupWise Rename dialog box. 


GroupWise Rename sjones 


New GroupWWise name: 
SMES 





[ = ] Cancel Help 





4 Specify the Group Wise user ID. 
5 Click OK to rename the user. 


Resolving Addressing Issues Caused By Renaming a User 


The user’s new information is immediately replicated to each post office throughout your system so 
that the GroupWise Address Book contains the user’s updated address. Any user who selects the 
renamed user from the GroupWise Address Book can successfully send messages to the renamed 
user. 


However, some users might have the user’s old address (Group Wise user ID) in their Frequent 
Contacts Address Books. In this case, if the sender types the renamed user’s name in the To field 
instead of selecting it from the Address Book, GroupWise uses the old address stored in the 
Frequent Contacts Address Book instead of the new address in the GroupWise Address Book. This 
results in the message being undeliverable. The POA automatically resolves this issue when it 
performs its nightly user upkeep (see Section 36.4.3, “Performing Nightly User Upkeep,” on 

page 513). During the nightly user upkeep process, the POA ensures that all addresses in a user’s 
Frequent Contacts Address Book are valid addresses in the GroupWise Address Book. 


If you want to ensure that messages sent to the user’s old address are delivered even before the POA 
cleans up the Frequent Contacts Address Book, you can create a nickname using the old GroupWise 
user ID. For information about creating a nickname, see Section 14.7.4, “Creating a Nickname for a 
User,” on page 239. 


14.6 Managing Mailbox Passwords 


The following sections provide information to help you manage GroupWise mailbox passwords: 


+ Section 14.6.1, “Creating or Changing a Mailbox Password,” on page 232 


Managing GroupWise Accounts and Users 


231 


+ Section 14.6.2, “Removing a Mailbox Password,” on page 233 
+ Section 14.6.3, “Bypassing the GroupWise Password,” on page 233 


For background information about Group Wise passwords, see Chapter 70, “Group Wise Passwords,” 
on page 1115. 


14.6.1 Creating or Changing a Mailbox Password 


As administrator, you can use ConsoleOne to create a user’s mailbox password or change a user’s 
existing password. If a user can log in to GroupWise, he or she can also change the mailbox 
password through the Security Options dialog box (GroupWise Windows or Cross-Platform client > 
Tools > Options > Security) or on the Passwords page (GroupWise WebAccess client > Options > 
Password. 


To create or change a user’s mailbox password: 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


General Restrictions v | Memberships v | Security Equal To Me | Login Script | NDS Rights v~ Ik 





Post Office: Provoi Development 
Mailbox ID: 
Visibility: System ed 


External Sync Override: Synchronize according to visibility 








Account ID: 


File ID: mah 





Expiration Date: T Enable 
Gateway Access: 


T Disable Logins 








LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupiVise Password Delete GroupWise Account | 








KS Security Options 


Enter new password: 


Retype password: 


D Clear user's password 








4 Enter and reenter a new password. 
5 Click OK. 
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14.6.2 Removing a Mailbox Password 


If you want to remove a user’s mailbox password but not assign a new password, you can clear the 
password. 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties of gsmith 


General 





Post Office: Provol Development 





Mailbox ID: 


Visibility: System 








External Sync Override: Synchronize according to visibility 





Account ID: 


File ID: mah 





Expiration Date: T Enable 





Gateway Access: 


I Disable Logins 








LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupWise Password Delete GroupWise Account | 





Page Options... Cancel | 





Security Options 


Enter new password: 


Retype password: 


D Clear user's password 








4 Select the Clear User $ Password option. 
5 Click OK. 





NOTE: A mailbox with no password cannot be accessed using the WebAccess client. 


14.6.3 Bypassing the GroupWise Password 


By default, if a user must enter a password when logging in to GroupWise, he or she is prompted for 
the password. 


The Group Wise client includes several options that users can choose from to enable them to log in 
without providing a password. These options, located on the Security Options dialog box 
(GroupWise client > Tools > Options > Security), are described in the following table. 
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Table 14-1 Options for Bypassing a Password 


GroupWise Client Option 


Remember My Password 


No Password Required with 
eDirectory 


Use Single Sign-On 


Use Collaboration Single Sign-On 
(CASA) 


Description 


This option is available only when running an earlier GroupWise 
client on Windows 95/98. The GroupWise 7.x Windows client is 
not supported on Windows 95/98. 


The GroupWise password is stored in the Windows password list. 
When GroupWise starts, it pulls the password from the list. 


This option is available only when logged in to Novell eDirectory. 


When GroupWise starts, it automatically logs in to the GroupWise 
account associated with the user who is logged in to eDirectory at 
the workstation. No GroupWise password is required. 


This option is available only when using Novell Single Sign-on 2.0 
and SecureLogin 3.0 and later products. 


When GroupWise starts, it uses the GroupWise password stored 
by Novell Single Sign-on or SecureLogin. 


This option is available only when using Novell Common 
Authentication Services Adapter (CASA) 1.0 and later. 


When GroupWise starts, it uses the GroupWise password stored 
by Novell CASA. 


As shown in the table, these options appear only if certain conditions are met, such as the user 
running on a Windows 95/98 workstation or having Novell Single Sign-on or SecureLogin installed. 
If you don’t want the option available to users even if the condition is met, you can disable the 
option. Doing so removes it from the Group Wise client’s Password dialog box. 


To disable one or more of the password options: 


1 In ConsoleOne, click a Domain object if you want to disable password options for all users in 


the domain. 


or 


Click a Post Office object if you want to disable password options for all users in the post 


office. 


or 


Click a User object or GroupWise External Entity object if you want to disable password 


options for the individual user. 


2 With the appropriate GroupWise object selected, click Tools > GroupWise Utilities > Client 
Options to display the Group Wise Client Options dialog box. 
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GroupWise Client Options 


Fea Close 
& 
= Hel 
Environment Send zu 


9 g 


Security Date and Time 





3 Click Security to display the Security Options dialog box. 


Security Options: Provo1 











r 


IV. Allow password caching 


F Use eDirectory authentication instead of password OX (34 


IV Enable single sign-on 


FF Use Collaboration Single Sign-on (CASA) 


Restore Default Settings 











4 On the Password tab, deselect Allow Password Caching if you don’t want Windows 95/98 
users to be able to use the GroupWise client’s Remember My Password option. 


5 Deselect Allow eDirectory Authentication Instead of Password if you don’t want eDirectory 
users to be able to use the GroupWise client’s No Password Required with eDirectory option. 


6 Deselect Allow Novell Single Sign-on if you don’t want Single Sign-on or SecureLogin users to 
be able to use the GroupWise client’s Use Novell Single Sign-on option. 


7 Deselect Use Collaboration Single Sign-On (CASA) if you don’t want users of Novell 
collaboration products (Group Wise, Messenger, iFolder, and iPrint) to be able to use the same 
password for all collaboration products. 


8 Click OK to save your changes. 


For more information about addressing formats, see Chapter 45, “Configuring Internet Addressing,” 
on page 703. 


14.7 Managing E-Mail Addresses 


To ensure that user addresses meet your needs, GroupWise enables you to determine the format and 
visibility of addresses, as well as create additional names for users. The following sections provide 
details: 

¢ Section 14.7.1, “Ensuring Unique E-Mail Addresses,” on page 236 

+ Section 14.7.2, “Changing a User’s Internet Addressing Settings,” on page 236 

+ Section 14.7.3, “Changing a User’s Visibility in the Address Book,” on page 238 

+ Section 14.7.4, “Creating a Nickname for a User,” on page 239 
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14.7.1 Ensuring Unique E-Mail Addresses 


Starting with GroupWise 7, you can use the same e-mail ID for more than one user in your 
GroupWise system, provided each user is in a different Internet domain. Rather than requiring that 
each e-mail ID be unique in your GroupWise system, each combination of e-mail ID and Internet 
domain must be unique. This provides more flexibility for handling the situation where two people 
have the same name. 


When adding or changing users’ e-mail addresses you can check to make sure that the e-mail 
address you want to use for a particular user is not already in use. 


1 In ConsoleOne, click Tools > GroupWise Utilities > Email Address Lookup to display the Email 
Address Lookup dialog box. 


Email Address Lookup 


Enter an email address to look up and press search. 


Email Address: Il 














Domain Name | Past Office Name Object ID | Ohject Type 











2 Inthe Email Address field, specify the e-mail address. You can specify the user ID only (for 
example, jsmith) or the entire address (for example, jsmith@novell.com). 


3 Click Search. 
All objects whose e-mail address match the one you specified are displayed. 


4 If desired, select an object, then click Info to see details about the object. 


14.7.2 Changing a User’s Internet Addressing Settings 


By default, a user inherits his or her Internet address settings (preferred Internet address format, 
allowed address formats, and Internet domain name) from the user’s post office, domain, or 
GroupWise system. For more information, see Chapter 45, “Configuring Internet Addressing,” on 
page 703. 


If necessary, you can override these settings for individual users. 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Internet Addressing to display the Internet Addressing page. 
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Properties of gsmith 


General 


Override | Preferred Address format: 
= 








Preterred EMail ID: 
(internet domain name 
Defined at: Corporate Mail 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 





Defined at: Corporate Mail 
I For incoming mail, recipients are known exclusively by this Internet domain name 


Page Options... 








3 To override one of the settings, select the Override box, then change the setting. 


Preferred Address Format: The preferred address format determines how the user’s address 
is displayed in the GroupWise Address Book and in sent messages. 


Preferred E-Mail ID: At the user and resource level, the preferred address format can be 
completely overridden by explicitly defining the user portion of the address format 
(user@Internet domain name). The user portion can include any RFC-compliant characters (no 
spaces, commas, and so forth). The user portion must be unique within its Internet domain. 
This means that a user can be used multiple times in your GroupWise system, if it is used only 
once in each Internet domain. 


If you have two users with the same name in the same Internet domain, you can further modify 
the user portion. For example, if you’ve selected First Name.Last Name@JInternet domain 
name as your system’s preferred address format and you have two John Petersons in the same 
Internet domain, you would have two users with the same address 
(John.Peterson@novell.com). You could use this field to differentiate them by including their 
middle initials in their addresses (John.S.Peterson@novell.com and 
John.A.Peterson@novell.com). 


Allowed Address Formats: The allowed address formats determine which address formats 
can be used to send messages to the user. For example, using John Peterson as the user, 
Research as the post office, and novell.com as the Internet domain, if you select all five 
formats, John Peterson would receive messages sent using any of the following addresses: 


jpeterson.research@novell.com 

jpeterson@novell.com 

john.peterson@novell.com 

peterson.john@novell.com 

jpeterson@novell.com 

Internet Domain Name: The Internet domain name, along with the preferred address format, 


is used when constructing the e-mail address that is displayed in the GroupWise Address Book 
and in the To field of sent messages. 


Only the Internet domain names that have been defined are displayed in the list. Internet 
domain names must be defined at the system level (Tools > GroupWise System Operations > 
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Internet Addressing). For more information, see Section 45, “Configuring Internet 
Addressing,” on page 703. 


If you override the Internet domain name, the For Incoming Mail, Recipients are Known 
Exclusively by This Internet Domain Name option becomes available. Enable this option if you 
only want the user to be able to receive messages addressed with this Internet domain name. If 
you don’t enable this option, the user receives messages addressed using any of the Internet 
domain names assigned to your GroupWise system. 


4 Click OK to save your changes. 


14.7.3 Changing a User’s Visibility in the Address Book 


A user’s visibility level determines the extent to which the user’s address is visible throughout your 
Group Wise system. You can make the user visible in the Address Book throughout your entire 
Group Wise system, you can limit visibility to the user’s domain or post office only, or you can make 
it so that no users can see the user in the Address Book. 


Making a user visible in the Address Book simply makes it easier to address items to the user. 
Regardless of a user’s visibility, other users can send items to the user if they know the user’s 
GroupWise user ID. 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties of gsmith 
General Restrictions v | Memberships v | Security Equal To Me | Login Script | NDS Rights v I 


Post Office: Provo1 Development 





Mailbox ID: 





Visibility: System 








External Sync Override: Synchronize according to visibility 





Account ID: 


File ID: mah 





Expiration Date: I Enable 





Gateway Access: 


T Disable Logins 





LDAP Authentication: 





Restore Area: (Not Set) 


Change GroupWise Password Delete GroupWise Account | 





Page Options... | Cancel | 








3 In the Visibility field, select the desired visibility level. 


System (Default): All users in your GroupWise system can see the user’s information in the 
Address Book. 


Domain: Only users in the same domain as the user can see the user’s information in the 
Address Book. 


Post Office: Only users in the same post office as the user can see the user’s information in the 
Address Book. 
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None: No users can see the user’s information in the Address Book. Users need to know the 
user’s GroupWise user ID to send items to him or her. 


4 Click OK to save your changes. 


14.7.4 Creating a Nickname for a User 


Each user has a specific GroupWise address consisting of the user's ID, post office, and domain 
(user_ID.post_office.domain). You can assign one or more nicknames to a user to give the user an 
alternate address. Each part of the address (user_ID, post_office, and domain) can be different than 
the user’s actual address. 


For example, you might want to create a nickname for a user you have just moved (see Section 14.4, 
“Moving GroupWise Accounts,” on page 222) or renamed (see Section 14.5, “Renaming Users and 
Their GroupWise Accounts,” on page 231). The nickname, which would be the user’s old address, 
would ensure that any use of the old address would result in the new address being used instead. 


Nicknames are not displayed in the Address Book, which means users need to know the nickname to 
use it. 


To manually create a nickname for a user: 


1 In ConsoleOne, right-click the User object or GroupWise External Entity object, then click 
Properties. 
2 Click GroupWise > Nicknames to display the Nicknames page. 


Properties of gsmith 
General v Restrictions v | Memberships v | Security Equal To Me | Login Script | NDS Rights v |! 








Object ID Domain | Post Office 

















Page Options... | Cancel | 





3 Click Add to display the Create Nickname dialog box. 
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Create Nickname 


Creating nickname for gsmith Users Docdev Novell 








Domain.PO: 





Object ID: 





Visibility: 





Given Name: 








Last Name: 








Expiration Date: T Enable 





Cancel 








4 Fill in the following fields: 


Domain.PO: Select the post office where you want to assign the nickname. This can be any 
post office in your GroupWise system; it does not have to be the user’s post office. 


Object ID: Specify the name to use as the user. ID portion of the nickname. The nickname 
must be unique. 


Visibility: This field does not apply to nicknames. Nicknames are not displayed in the Address 
Book. To use a nickname, a message sender must specify the nickname’s address. 


Given Name: Specify the user’s given (first) name. 
Last Name: Specify the user’s last name. 


Expiration Date: If you want the nickname to be removed by the Expire Records feature after 
a certain date, as described in Section 14.10.3, “Managing Expired or Expiring Group Wise 
Accounts,” on page 244, select Enable, then select the desired date. 


5 Click OK to add the nickname to the list. 
6 Click OK to save the changes to the User object or GroupWise External Entity object. 


To have nicknames created automatically whenever you move a user, see Section 4.2, “System 
Preferences,” on page 53. 


14.8 Checking GroupWise Account Usage 


You can identify GroupWise accounts that have been inactive for a specified period of time. See 
Section 12.4, “Auditing Mailbox License Usage in the Post Office,” on page 191. 


You can measure message traffic from individual GroupWise mailboxes. See Section 61.3.5, “User 
Traffic Report,” on page 1009. 


14.9 Disabling and Enabling GroupWise 
Accounts 
You can disable a GroupWise account so that the user cannot access his or her mailbox until you 


enable the account again. This might be necessary if you need to perform database maintenance on 
the user’s mailbox or when a user leaves the company and no longer needs access to the mailbox. 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


240 GroupWise 7 Administration Guide 


Properties of gsmith 


General 





Post Office: Provo1 Development 





Mailbox ID: 





Visibility: System 








External Sync Override: Synchronize according to visibility 





Account ID: 


File ID: mah 





Expiration Date: [ Enable 





Gateway Access: 


I Disable Logins 








LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupWise Password Delete GroupWise Account | 








Page Options... Cancel | 





3 Select Disable Logins, then click OK. 
4 To enable the user’s account when access is again permitted, deselect Disable Logins, then 
click OK. 


While a user’s account is disabled, other users to whom proxy rights have been granted can still 
access the mailbox. This is convenient for reviewing the contents of the mailbox of a departed 
employee and pulling out those messages that are of use to the incoming employee. 


14.10 Removing GroupWise Accounts 


You can remove a user’s GroupWise account by deleting or expiring it. Deleting an account removes 
the entire account (address, mailbox, items, and so forth) from the GroupWise system. Expiring an 
account deactivates the account so that it cannot be accessed, but does not remove it from the 
system. The following sections provide information to help you delete or expire GroupWise 
accounts 


+ Section 14.10.1, “Deleting a GroupWise Account,” on page 241 
+ Section 14.10.2, “Expiring a GroupWise Account,” on page 243 
+ Section 14.10.3, “Managing Expired or Expiring GroupWise Accounts,” on page 244 


If you delete a GroupWise account by accident, or need to retrieve a deleted account for some other 
reason, see Section 32.6, “Recovering Deleted GroupWise Accounts,” on page 416. 





NOTE: When you remove a GroupWise account, any personal databases, such as an archive, a 
Caching mailbox, or a Remote mailbox, that are associated with the account are unaffected by the 
account deletion. Such databases are not located where ConsoleOne could delete them, so they must 
be deleted manually. 





14.10.1 Deleting a GroupWise Account 


When you delete a user’s GroupWise account, the user’s mailbox is deleted and the user is removed 
from the Group Wise system. If the user owns library documents, see “Ensuring that a User’s Library 
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Documents Remain Accessible” on page 243 before deleting the user. Otherwise, refer to one of the 
following sections: 
+ “Deleting an eDirectory User’s GroupWise Account” on page 242 


+ “Deleting a Non-eDirectory User’s GroupWise Account” on page 242 


Deleting an eDirectory User’s GroupWise Account 


1 Make sure the user has exited the GroupWise client and Group Wise Notify. 
2 Make sure the POA for the user’s post office is running. 
If the POA is not running, the user mailbox is not deleted until the next time the POA runs. 
3 In ConsoleOne, right-click the User object, then click Delete. 
or 
Select multiple User objects, right-click the selected object, then click Delete. 
4 Click Yes to display the Delete Options dialog box. 


Delete Options 


jpangilinan.Users.Docdev.Novell has GroupWise 
and eDirectory accounts. Please indicate your 


delete preferences below: Cancel 
Help 


GroupWise Account 
IV Delete 
1 Expire 


eDirectory Account 
IV Delete 





5 Inthe GroupWise Account box, select Delete. 

6 Inthe eDirectory Account box, deselect Delete. 

7 Click OK to delete the eDirectory user's Group Wise account. 
Or 


If you selected multiple User objects, click OK to All to apply the same deletion options to all 
accounts. If you click OK rather than OK to All, you can select deletion options for each 
account individually as it is deleted. 


8 Ifa user was a resource owner, the following dialog box appears. Select a new user to be the 
resource’s owner, then click OK. 


Choose New Owner 


Provo1.Developmentjpangilinan. The user owns resources. 
Please choose another user to be the owner for these resources. 


Owner: | KA] 





| Cancel | Help | 








Deleting a Non-eDirectory User’s GroupWise Account 


Non-eDirectory users are given GroupWise accounts by adding the users to eDirectory as 
GroupWise external entities (see Section 13.3, “Creating GroupWise Accounts for Non-eDirectory 
Users,” on page 214). You remove a non-eDirectory user’s GroupWise account by deleting the 
user’s GroupWise External Entity object from eDirectory. 
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NOTE: Remember that external entities do have eDirectory objects, but they are not considered 
eDirectory users for licensing purposes. 





As with eDirectory users, when you remove a non-eDirectory user’s GroupWise account, the user’s 
mailbox is deleted and the user is removed from the Group Wise system. 


To delete a non-eDirectory user’s GroupWise account: 


1 Make sure the user has exited the GroupWise client and Group Wise Notify. 
2 Make sure the POA for the user’s post office is running. 


If the POA is not running, the user’s mailbox will not be deleted until the next time the POA 
runs. 


3 In ConsoleOne, right-click the user's GroupWise External Entity object, then click Delete. 
4 Click Yes to confirm the deletion. 


Ensuring that a User’s Library Documents Remain Accessible 


When you delete a user’s GroupWise account, GroupWise does not delete any library documents to 
which the user has Author or Creator status. These documents remain in the library as “orphaned” 
documents, meaning that no one can access the documents. 


If you or other users need access to the documents, you have the following choices: 


¢ Rather than deleting the user, change the user’s GroupWise mailbox password so that he or she 
can’t log in. Other users can continue accessing the documents, and you can log in as the user 
to manage the documents. For information about changing a user’s password, see 
Section 14.6.1, “Creating or Changing a Mailbox Password,” on page 232. 


¢ Rather than deleting the user or changing the user’s password, disable the user’s ability to log 
in. This is done on the user’s GroupWise Account page (User object > GroupWise > Accounts 
> Disable Logins). 


¢ Delete the user, then reassign the orphaned documents to another user. For information, see 
Section 28.2, “Analyzing and Fixing Library and Document Information,” on page 392. 


14.10.2 Expiring a GroupWise Account 


Rather than delete a user’s GroupWise account, you can expire the account. The account, including 
the user’s mailbox and all items, remains in GroupWise but cannot be accessed by the user. If 
necessary, the user’s account can be reactivated at a later date, as described in Section 14.10.3, 
“Managing Expired or Expiring GroupWise Accounts,” on page 244. This option is useful for 
providing GroupWise accounts to temporary or contract employees who come and go. 


You can set a user’s GroupWise account to expire immediately or at a future date and time. 


1 Make sure the user has exited the GroupWise client and Group Wise Notify. 


2 In ConsoleOne, right-click the User object or GroupWise External Entity object with the 
account you want to expire, then click Properties. 


3 Click GroupWise > Account to display the Account page. 
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Properties of gsmith 


General 





Post Office: Provo1 Development 





Mailbox ID: 


Visibility: System 








External Sync Override: Synchronize according to visibility 





Account ID: 


File ID: mah 





Expiration Date: D Enable 





Gateway Access: 


I Disable Logins 








LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupWise Password Delete GroupWise Account | 








Page Options... | Cancel | 





4 Inthe Expiration Date field, select the Enable check box to turn on the option. 


5 Ifyou want the account to expire immediately, leave the date and time set to the current date 
and time. 


or 
If you want the account to expire at a later date, select the desired date and time. 
6 Click OK. 





NOTE: To immediately expire an account assigned to an eDirectory user, you can also right-click 
the User object, click Delete, select the Expire GroupWise Account option, then click OK. This 
method is not available for non-eDirectory (GroupWise External Entity object) users. 





14.10.3 Managing Expired or Expiring GroupWise Accounts 


Expired GroupWise accounts remain expired until you reactivate them or delete them. Refer to the 
following sections for information to help you manage expired accounts: 

+ “Identifying Expired or Expiring Accounts” on page 244 

+ “Changing an Account’s Expiration Date” on page 245 


+ “Reactivating an Expired Account” on page 246 


Identifying Expired or Expiring Accounts 


Rather than search through all your User or GroupWise External Entity objects in eDirectory to 
identify which ones have expired or expiring accounts, you can use the Expired Records option to 
quickly list expired accounts for your entire system, a single domain, or a single post office. 
Depending on the date you choose, you can see expired accounts only or both expired and expiring 
accounts. 


1 Inthe GroupWise View, select the post office, domain, or GroupWise system that contains the 
accounts you want to view. 
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2 Click Tools > GroupWise Utilities > Expired Records to display the Expired Records dialog 
box. 


Expired Records 
Expired records in: Corporate Mail 
Expired as of: 18/2007 
Expired Users: 
Last Name First Name Object ID Expiration Date Object Type 
Hu Tabitha thu 18/2007 User 

















Select All | 








The Expired As Of field defaults to the current date. Only accounts that have expired as of this 
date are displayed in the list. To see accounts that will expire in the future, you need to change 
the date in the Expired As Of field. 


3 To change the date in the Expired As Of field, click View Date, specify the desired date, then 
click OK. 


For example, in the dialog box shown above, the current date is 1/18/2007 (January 1, 2007). 
To see what accounts will expire by June 30, 2007, you would change the Expired As Of date to 
6/30/2007. 


4 When finished viewing expired or expiring accounts, click OK to close the Expired Accounts 
dialog box. 


Changing an Account’s Expiration Date 


1 In ConsoleOne, right-click the User object or GroupWise External Entity object, then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 
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Properties of gsmith 


Mailbox ID: 
Visibility: 
External Sync Override: 
Account ID: 
File ID: 
Expiration Date: 
Gateway Access: 

T Disable Logins 
LDAP Authentication: 


Restore Area: 


Provo1 Development 
System m 
[Synchronize according to visibility bai 


[ 








mah 


Teese) Bj 








Page Options... 


Change GroupWise Password Delete GroupWise Account 





3 Inthe Expiration Date field, change the time and date. 


4 Click OK. 


Reactivating an Expired Account 


1 In ConsoleOne, right-click the User object or GroupWise External Entity object with the 


expired GroupWise account, then click Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties of gsmith 


Mailbox ID: 


Visibility: 


External Sync Override: 


Account ID: 

File ID: 

Expiration Date: 

Gateway Access: 
T Disable Logins 

LDAP Authentication: 


Restore Area: 


Page Options... 


3 Inthe Expiration Date field, deselect the Enable check box to turn off the option. 


4 Click OK. 


Provol Development 
System = 
Synchronize according to visibility bd 


mah 


T Enable II LJ 


Change GroupWise Password Delete GroupWise Account 
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Resources 


+ Chapter 15, “Creating Resources,” on page 249 
+ Chapter 16, “Managing Resources,” on page 253 
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Creating Resources 


A resource is an item or place, such as a computer, company vehicle, or conference room, that users 
can schedule or check out. 


+ Section 15.1, “Understanding Resources,” on page 249 
+ Section 15.2, “Planning Resources,” on page 250 


+ Section 15.3, “Creating a New Resource,” on page 250 


15.1 Understanding Resources 


The following sections provide information to help you learn about GroupWise® resources: 


+ Section 15.1.1, “Resource Objects,” on page 249 
+ Section 15.1.2, “Resource Types,” on page 249 
+ Section 15.1.3, “Resource Mailboxes,” on page 249 


+ Section 15.1.4, “Resource Owners,” on page 250 


15.1.1 Resource Objects 


Each resource you want to make available must be added as a Resource object in Novell® 
eDirectory™. The name that you give the Resource object becomes the name by which the resource 
is displayed in the GroupWise Address Book. 


Resource objects can be located in any eDirectory container that is in the same tree as the resource’s 
domain. 


15.1.2 Resource Types 
You can identify the resource as a general resource or as a place. When a user schedules a resource 


that is defined as a place, the resource name is automatically added to the Place field in the 
appointment. 


15.1.3 Resource Mailboxes 


Like a user, a resource must be assigned to a post office so that it can be given an account (address, 


mailbox, and so forth). You assign the resource to a post office when you create the Resource object. 


A resource’s account enables it to receive scheduling requests (sent as appointments). The owner 
assigned to the resource can access the resource’s mailbox to accept or decline the requests. For 
example, you might want to have all your conference rooms defined as resources. When sending a 
meeting appointment, users can schedule the conference room as well as the meeting attendees. The 
resource, just like the other users scheduled for the meeting, receives an appointment in its mailbox 
which can be accepted or declined by the owner. 


When scheduling a resource, users can perform a busy search to see when the resource is available. 
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Even though a resource is assigned to a single post office, all users in your GroupWise system can 
schedule the resource. 


Resources can receive all item types (mail messages, phone messages, appointments, tasks, and 
notes). Generally, if your purpose in defining resources is to allow them to be scheduled through 
Group Wise, they only receive appointments. 


15.1.4 Resource Owners 


When you create a resource, you assign an owner to it. The owner must belong to the same post 
office as the resource and is responsible for accepting or declining requests to schedule the resource. 
The owner can do this by proxying the resource’s mailbox and physically opening the scheduling 
requests, or by setting up rules to manage the resource automatically. 


The owner automatically receives proxy rights to the resource’s mailbox. The owner can also grant 
proxy rights to another user to manage the resources. 





NOTE: Owners cannot log in directly to a resource mailbox because resource mailboxes do not 
have passwords. Unless post office security is set to Low, meaning that passwords are not required, 
login access is denied. The Proxy feature in the GroupWise client should always be used to access 
resource mailboxes. 





For information about how owners can manage resources, see: 


+ “Owning Resources” in “Managing Your Mailbox” in the GroupWise 7 Windows Client User 
Guide 


+ “Owning Resources” in “Managing Your Mailbox” in the GroupWise 7 Cross-Platform Client 
User Guide 


15.2 Planning Resources 


Before creating a new resource, make sure that the user who will own the resource has been created 
and belongs to the same post office where you are planning to create the resource. 


15.3 Creating a New Resource 


1 In ConsoleOne®, right-click the container where you want to create the Resource object, then 
click New > Resource to display the Create GroupWise Resource dialog box. 


Create GroupWise Resource 


Resource Name: 





Groupise Post Office: 








Owner 








T Define additional properties 


|” Create another resource 





2 Fill in the following fields: 
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Resource Name: Specify a descriptive name. Because the name is used as part of the 
resource’s Group Wise address, do not use any of the following invalid characters in the 
resource name: 


ASCII characters 0-13 Comma , 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon : Period . 


GroupWise Post Office: Select the post office where the resource will be located. 


Owner: Select the user who will be responsible for accepting or declining requests to use the 
resource. The owner must have a GroupWise account on the same post office as the resource. 


3 Select Define Additional Properties, then click OK. 


Properties of Conference Room 2012 


GroupWise + | General | NDS Rights ~ | Other | Rights to Files and Folders | 
Identification 


Distinguished Name: Conference Room 2012.GroupWise 





Post Office: Provol Development 





Owner: gsmith 


File ID: 47 





Description: 





Visibility: System 








Resource Type: Resource 





Phone: 








Page Options... | Cancel | 





4 On the Identification page, fill in the following fields: 


Description: Specify a description to help users identify the use of the resource. The 
description will be displayed if the user chooses to view information about the resource in the 
Address Book. 


If you define the resource type as a place, the description is automatically added to the Place 
field in the appointment. A good description can help users locate the place more easily. 


Visibility: Select the level at which the resource will be visible in the Address Book. System 
causes the resource to be visible to all users in your GroupWise system. Domain causes the 
resource to be visible to all users in the same domain as the resource. Post Office causes the 
resource to be visible to all users on the same post office as the resource. None causes the 
resource to not be visible at any level. However, even if the resource is not displayed in a user’s 
Address Book, he or she can schedule the resource by typing the resource name in an 
appointment’s 7o field. 
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Type: You can identify the resource as a general resource or as a place. When a user schedules 
a resource that is defined as a place, the resource name is automatically added to the Place field 
in the appointment. 


Phone: If the resource has a telephone number associated with it, such as a conference room 
with a telephone number, specify the phone number. 


5 Click OK to save the resource information. 
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Managing Resources 


The following sections provide information to help you manage the resources in your GroupWise™ 
system: 

+ Section 16.1, “Changing a Resource’s Owner,” on page 253 

+ Section 16.2, “Adding a Resource to a Distribution List,” on page 254 

+ Section 16.3, “Moving a Resource,” on page 255 

+ Section 16.4, “Renaming a Resource,” on page 256 

¢ Section 16.5, “Deleting a Resource,” on page 256 

+ Section 16.6, “Managing E-Mail Addresses,” on page 256 
A resource’s mailbox, just like a user’s mailbox, is a combination of the information stored in its 
user database and the message databases located at its post office. Occasionally, you might want to 
perform maintenance tasks on the resource’s mailbox to ensure the integrity of the databases. For 


details about performing maintenance on a resource’s mailbox, see Chapter 27, “Maintaining User/ 
Resource and Message Databases,” on page 385. 


16.1 Changing a Resource’s Owner 


You can change a resource’s owner whenever necessary. The owner must be a user assigned to the 
same post office as the resource. If you need to give ownership of the resource to a user on a 
different post office, you must move the resource to that post office. For details, see Section 16.3, 
“Moving a Resource,” on page 255. 


The new owner automatically receives proxy rights to the resource’s mailbox. Proxy rights are 
removed for the old owner. 


1 In ConsoleOne®, right-click the Resource object, then click Properties. 


2 On the Identification page, browse to and select the new owner, then click OK to display the 
user’s name in the Owner field. 
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Properties of Conference Room 2012 


GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders | 
Identification 


Distinguished Name: Conference Room 2012.GroupWise 


Post Office: Provol Development 





Owner: askoczylas 


File ID: 47 





Description: 





Visibility: ‘System 





Resource Type: Resource 








Phone: 





Page Options... Cancel Apply 





3 Click OK to save your changes. 


16.2 Adding a Resource to a Distribution List 
Just like users, resources can be added to distribution lists. 


1 In ConsoleOne, right-click the Resource object, then click Properties. 


2 Click GroupWise > Distribution Lists to display the Distribution Lists page. 


Properties of Conference Room 2012 


eneral | NDS Rights v | Other | Rights to Files and Folders. 





Membership Participation 











Page Options... OK | Cancel | amy | 





3 Click Add, select the distribution list that you want to add the resource to, then click OK. 
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Properties of Conference Room 2012 


GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders 
Distribution Lists 











Membership Participation 
Programmers@Provo1 Development 














Page Options... OK | Cancel | Apply | Help | 





By default, the resource is added as a primary recipient (To: recipient). 


4 If you want to change the resource’s recipient type, select the distribution list, click 
Participation, then click To, CC, or BC. 


5 Click OK to save your changes. 


16.3 Moving a Resource 


If necessary, you can move a resource from one post office to another. For example, you might need 
to move a resource if you are removing the resource’s post office or if you need to reassign 
ownership of the resource to a user on another post office. 


The resource retains the same name in the new post office as it has in the current post office. If 
another user, resource, or distribution list assigned to the new post office has the same name, you 
will need to rename one of them before you move the resource. For details, see Section 16.4, 
“Renaming a Resource,” on page 256. 


When you move the resource, all items in its mailbox are moved to the new post office, which 
means that all schedules for the resource are kept intact. 


To move a resource: 


1 In ConsoleOne, right-click the Resource object in the GroupWise View, then click Move to 
display the GroupWise Move dialog box. 





IMPORTANT: You must select the Resource object in the Group Wise View. If you select the 
object in the standard ConsoleOne View, you will move the Resource object from one container 
to another, not the resource from one post office to another. 





GroupWise Move Conference Room 2012 3) 


Move to post office: 





8 


Cancel Help 
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2 Select the post office to which you want to move the resource, then click OK to display the 
Choose New Owner dialog box. 


Choose New Owner 


Provo1.Development.Conference Room 2012. Please choose 
another user to be the owner for this resource. 


Owner: [ KA 








| Cancel | Help | 





3 Select the user who will be the resource’s owner, then click OK to move the resource. 


16.4 Renaming a Resource 


Situations might arise where you need to give a resource a new name. For example, you might need 
to move the resource to another post office that already has a user, resource, or distribution list with 
the same name. 


1 In ConsoleOne, right-click the Resource object in the GroupWise View, then click Rename to 
display the Rename dialog box 


New name: 





[Conference Room 201 2] 


I Save old name 








2 Inthe New Name field, specify the new name for the resource. 
3 Make sure the Save Old Name box is not selected. 
Saving the old name causes duplicate resources to appear in the Address Book. 


4 Click OK to rename the resource. 


16.5 Deleting a Resource 


When you delete a resource, all information is removed for the resource, including any schedules 
that have been established for the resource. 


1 In ConsoleOne, right-click the Resource object, then click Delete. 
2 Click Yes to confirm the deletion. 


16.6 Managing E-Mail Addresses 


To ensure that resource addresses meet your needs, GroupWise enables you to determine the format 
and visibility of addresses, as well as create additional names for resources. The following sections 
provide details: 

+ Section 16.6.1, “Changing a Resource’s Internet Addressing Settings,” on page 257 

+ Section 16.6.2, “Changing a Resource’s Visibility in the Address Book,” on page 258 


+ Section 16.6.3, “Creating a Nickname for a Resource,” on page 259 
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16.6.1 Changing a Resource’s Internet Addressing Settings 


By default, a resource inherits its Internet address settings (preferred Internet address format, 
allowed address formats, and Internet domain name) from its post office, domain, or GroupWise 
system. If necessary, you can override these settings. 


1 In ConsoleOne, right-click the Resource object, then click Properties. 


2 Click GroupWise, then click Internet Addressing to display the Internet Addressing page. 


Properties of Conference Room 2012 


General | NDS Rights v | Other | Rights to Files and Folders | 


Override | Preferred Address format: 
r 








Preferred EMail ID: 





(internet domain name 
Defined at: Corporate Mail 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 





Defined at: Corporate Mail 
I For incoming mail, recipients are known exclusively by this Internet domain name 





Page Options... 





3 To override one of the settings, select the Override box, then change the setting. 


Preferred Address Format: The preferred address format determines how the resource’s 
address are displayed in the GroupWise Address Book and in sent messages. 


At the resource level, only three preferred address formats are available. The address formats 
that include first name, last name, and first initial do not apply to resource, so they are not 
available. 


You can completely override the address format by explicitly defining the user portion of the 
address (user@Jnternet domain name). The user portion can include any RFC-compliant 
characters (no spaces, commas, and so forth). The resource name portion must be unique within 
its Internet domain. This means that a resource name can be used multiple times in your 
GroupWise system, if it is used only once in each Internet domain. 


Allowed Address Formats: The allowed address formats determine which address formats 
can be used to send messages to the resource. 

Only the UserID.Post Office@Internet domain name and UserID@Jnternet domain name 
formats are valid for resources. The formats that include first name, last name, and first initial 
are not valid. 

For example, using R1 as the resource ID, Research as the post office, and novell.com as the 
Internet domain, if you select the two valid formats, the resource receives messages sent using 
either of the following addresses: 


rl .research@novell.com 
rl@novell.com 
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Internet Domain Name: The Internet domain name, along with the preferred address format, 
is used when constructing the e-mail address that is displayed in the GroupWise Address Book 
and in the 7o field of sent messages. 


Only the Internet domain names that have been defined are displayed in the list. Internet 
domain names must be defined at the system level (Tools > GroupWise System Operations > 
Internet Addressing). For more information, see Section 45, “Configuring Internet 
Addressing,” on page 703. 


If you override the Internet domain name, the For Incoming Mail, Recipients are Known 
Exclusively by This Internet Domain Name option becomes available. Enable this option if you 
only want the resource to be able to receive messages addressed with this Internet domain 
name. If you don’t enable this option, the resource receives messages addressed using any of 
the Internet domain names assigned to your GroupWise system. 


4 Click OK to save your changes. 


16.6.2 Changing a Resource’s Visibility in the Address Book 


A resource’s visibility level determines which users see the resource in their Address Books. You 
can control the availability of a resource by displaying it in the Address Books of all users in your 
GroupWise system, in the Address Books of those users in the resource’s domain only, in the 
Address Books of those users on the resource’s post office only, or in no Address Books. Even if the 
resource is not displayed in their Address Books, users can schedule the resource if they know the 
resource’s name. 


To change a resource’s visibility: 
1 In ConsoleOne, right-click the Resource object, then click Properties. 


Properties of Conference Room 2012 


GroupWise + | General | NDS Rights ~ | Other | Rights to Files and Folders | 
Identification 


Distinguished Name: Conference Room 2012.GroupWise 





Post Office: Provol Development 





Owner: gsmith 


File ID: 47 





Description: 





Visibility: System 








Resource Type: Resource 








Phone: 


Page Options... | Cancel | 








2 Inthe Visibility field, select the desired visibility level. 


System: The resource is displayed in the Address Books of all users in your GroupWise 
system. 


Domain: The resource is displayed in the Address Books of all users in the resource’s domain. 
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Post Office: The resource is displayed in the Address Books of all users on the resource’s post 


office. 


None: The resource is not displayed in any Address Books. Users need to know the resource’s 


name to schedule it. 


3 Click OK to save your changes. 


16.6.3 Creating a Nickname for a Resource 


Each resource has a specific GroupWise address consisting of the resource’s name, post office, and 
domain (resource_name.post_office.domain). You can assign one or more nicknames to a resource 
to give it an alternate address. Each part of the address (resource_name, post_office, and domain) 


can be different than the resource’s actual address. 


For example, you might want to create a nickname for a resource you have just moved, as described 
in Section 16.3, “Moving a Resource,” on page 255 or renamed, as described in Section 16.4, 
“Renaming a Resource,” on page 256. The nickname, which would be the resource’s old address, 
would ensure that any appointments sent to the old address would be routed to the new address. 


Nicknames are not displayed in the Address Book, which means users will need to know the 


nickname to use it. 


To create a nickname for a resource: 


1 In ConsoleOne, right-click the Resource object, then click Properties. 


2 Click GroupWise > Nicknames to display the Nicknames page. 


Properties of Conference Room 2012 


General | NDS Rights v | Other | Rights to Files and Folders: | 








Object ID 





Post Office 











Page Options... 











3 Click Add to display the Create Nickname dialog box. 
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Create Nickname 


Creating nickname for Conference Room 2012.GroupWise 


Domain.PO: 





Object ID: 








Visibility: 





Given Name: 








Last Name: 





Expiration Date: T Enable 





Cancel Help 





4 Fill in the following fields: 


Domain.PO: Select the post office to which you want to assign the nickname. This can be any 
post office in your GroupWise system; it does not need to be the resource’s post office. 


Object ID: Specify the name to use as the resource_name portion of the nickname. 
Visibility: Ignore this field. It is not used for nicknames. 

Given Name: Ignore this field. It is not used for resource nicknames. 

Last Name: Ignore this field. It is not used for resource nicknames. 


Expiration Date: If you want the nickname to no longer work after a certain date, click Enable 
and then select the desired date. 


5 Click OK to add the nickname to the list. 
6 Click OK to save the changes to the Resource object. 
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Distribution Lists, Groups, and 
Organizational Roles 


+ Chapter 17, “Understanding Distribution Lists, Groups, and Organizational Roles,” on 
page 263 


¢ Chapter 18, “Creating and Managing Distribution Lists,” on page 265 
+ Chapter 19, “Using eDirectory Groups as GroupWise Distribution Lists,” on page 279 


+ Chapter 20, “Using eDirectory Organizational Roles as GroupWise Distribution Lists,” on 
page 285 
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Understanding Distribution Lists, 
Groups, and Organizational Roles 


Distribution lists are specific to GroupWise. Groups and organizational roles are eDirectory™ 
objects that can be configured to work with GroupWise. 


Distribution lists, groups, and organizational roles are all sets of users and (optionally) resources that 
can be addressed as a single entity. When a GroupWise user addresses an item (message, 
appointment, task, or note) to a distribution list, group, or organizational role, each user or resource 
that is a member receives the item if he or she has a GroupWise account. 


The following sections provide information to help you learn about distribution lists, groups, and 
organizational roles: 

+ Section 17.1, “Public vs. Personal Address Lists,” on page 263 

+ Section 17.2, “Distribution Lists,” on page 263 

+ Section 17.3, “eDirectory Groups and Organizational Roles,” on page 264 


17.1 Public vs. Personal Address Lists 


Distribution lists and groups are public address lists, meaning that they are administrator-defined 
lists available to all users in your GroupWise system. 


If users want to create personal address lists, they can create personal groups in the GroupWise 
client. When a user creates personal groups, the groups are saved in his or her mailbox and are 
available for use only by that user. They cannot be shared by, or transferred to, other users. 


If a user wants to send to all users in a particular post office or domain, he or she can use wildcard 
addressing, if it has been enabled. See Section 6.6, “Enabling Wildcard Addressing,” on page 92. 


17.2 Distribution Lists 


A distribution list is specific to GroupWise. It is a public address list that you, as the Group Wise 
administrator, can create to facilitate easier addressing within your GroupWise system. Distribution 
lists can only contain users that have GroupWise accounts. 


Each distribution list you want to create must be added as a Distribution List object in eDirectory. 
The name that you give the Distribution List object becomes the name by which the distribution list 
is displayed in the GroupWise Address Book. 


Distribution List objects can be located in any eDirectory container that is in the same tree as the 
distribution list’s domain. 


Because a distribution list is an addressable entity, you must assign it to a post office when you 
create it. This ensures that the distribution list has a standard GroupWise address 
(distribution_list_name.post_office.domain). 


Regardless of the distribution list’s post office, all GroupWise users can use the distribution list 
when addressing a message. 
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You can determine which users see the distribution list in the Address Book. System visibility 
enables all users in your GroupWise system to see the distribution list. Domain visibility enables all 
users in the distribution list’s domain to see the distribution list. Post Office visibility enables all 
users in the distribution list’s post office to see the distribution list. Setting the visibility level to 
None means that no users see the distribution list in the Address Book. 


Users who cannot see the distribution list in the Address Book can still use the distribution list by 
typing the distribution list name in the To field of the message. 


A distribution list can contain users and resources as well as other distribution lists, groups, and 
organizational roles. Members do not need to be on the same post office as the distribution list’s post 
office. 


For details about distribution lists, see Chapter 18, “Creating and Managing Distribution Lists,” on 
page 265. 


17.3 eDirectory Groups and Organizational 
Roles 


eDirectory groups and organizational roles are general eDirectory objects that can be created to 
facilitate easier administration of eDirectory users who have common needs or who share a common 
role or responsibility. 


If you have eDirectory groups or organizational roles that you want Group Wise users to be able to 
address messages to, you need to make them available in your GroupWise system. When doing so, 
you can choose the groups and roles that you want available, and choose which users they are 
available to. 


If a group or role contains both eDirectory users with GroupWise accounts and eDirectory users 
without GroupWise accounts, only those users with GroupWise accounts receive messages 
addressed to the group or role. 


As mentioned previously, Group and Organizational Role objects are not specific to GroupWise. For 
information about creating these objects, see your eDirectory documentation. 


The name given to the Group object or Organizational Role object becomes the name by which it is 
displayed in the GroupWise Address Book when you make it available. You make a group or role 
available in your GroupWise system by assigning it to a post office. This ensures that the group or 
role has a standard Group Wise address (name.post_office.domain). Regardless of the post office 
where the group or role is assigned, all GroupWise users can use it when addressing a message. 


You can determine which users see the group or role in the Address Book. System visibility enables 
all users in your GroupWise system to see the group or role. Domain visibility enables all users in 
the distribution list’s domain to see the group or role. Post Office visibility enables all users in the 
distribution list’s post office to see the group or role. Setting the visibility level to None means that 
no users can see the group or role in the Address Book. 


Users who cannot see the group or role in the Address Book can still use it by typing the name in the 
To field of the message. 


For details about eDirectory groups and organizational roles, see Chapter 19, “Using eDirectory 
Groups as GroupWise Distribution Lists,” on page 279 and Chapter 20, “Using eDirectory 
Organizational Roles as GroupWise Distribution Lists,” on page 285. 
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Creating and Managing 
Distribution Lists 


A Group Wise? distribution list can contain Group Wise users, resources, and other distribution lists. 
When creating the distribution list, you can determine each entry’s participation in the list (primary 
recipient, carbon copy recipient, or blind copy recipient). 

+ Section 18.1, “Creating a New Distribution List,” on page 265 

+ Section 18.2, “Adding Members to a Distribution List,” on page 268 

+ Section 18.3, “Removing Members from a Distribution List,” on page 269 

+ Section 18.4, “Moving a Distribution List,” on page 269 

+ Section 18.5, “Renaming a Distribution List,” on page 270 

+ Section 18.6, “Enabling Users to Modify a Distribution List,” on page 270 

¢ Section 18.7, “Deleting a Distribution List,” on page 272 

+ Section 18.8, “Managing E-Mail Addresses,” on page 272 

+ Section 18.9, “Adding External Users to a Distribution List,” on page 276 


18.1 Creating a New Distribution List 


1 In ConsoleOne®, right-click the eDirectory container where you want to create the Distribution 
List object, then click New > Distribution List. 


Create GroupWise Distribution List 


Distribution List Name: 





Cancel 


E| Help 


GroupWise Post Office: 








[ Define additional properties 





[ Create another distribution list 





2 Fill in the following fields: 


Distribution List Name: Specify a descriptive name. Because the name is used as part of the 
distribution list’s GroupWise address, do not use any of the following invalid characters in the 
distribution list name: 


ASCII characters 0-13 Comma , 

Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon : Period . 
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GroupWise Post Office: Select the post office the distribution list will be assigned to. The 
distribution list can contain members of other post offices. 


3 Select Define Additional Properties, then click OK. 


Properties of Programmers 


IDS Rights v | Other | Rights to Files and Folders: | 


Distinguished Name: Programmers.GroupWise 





Post Office: Provo1 Development 





Description: 





Visibility: Post Office 











Replication Override: Replicate according to visibility 


Page Options... | cance | 








4 On the Identification page, fill in the following fields: 


Description: Specify a description to help you identify the purpose or members of the 
distribution list. 


Visibility: Select the level at which the distribution list will be visible in the Address Book. 
System enables the distribution list to be visible to all users in your GroupWise system. Domain 
enables the distribution list to be visible to all users in the same domain as the distribution list. 
Post Office enables the distribution list to be visible to all users on the same post office as the 
distribution list. Setting the visibility level to None means that no users can see the distribution 
list in the Address Book. 


Replication Override: By default, distribution lists are replicated throughout your Group Wise 
system based on the selected visibility level. With the default visibility level, distribution lists 
are visible in the GroupWise Address Book for local post office users only and are not 
replicated to other post offices. 


If you set Visibility to Domain, the distribution list is replicated to all post offices in the 
domain, but not to post offices belonging to other domains. If you set Visibility to System, the 
distribution list is replicated to all post offices in your GroupWise system. This default behavior 
corresponds to the Replicate According to Visibility setting. 


Select Replicate Everywhere Regardless of Visibility if you want the distribution list replicated 
throughout your Group Wise system regardless of the selected visibility level. With this setting, 
the distribution list is made available in all post offices, although it is still only visible in the 
GroupWise Address Book according to the selected visibility level. The availability of the 
distribution list in all post offices means that it can be nested into other distribution lists that are 
visible in any post office, and that users in any post office can manually specify the distribution 
list name in the To field of an item. 


5 Click GroupWise > Membership to display the Membership page. 
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Properties of Programmers 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 
Membership 


Membership: 





Participation First Name Last Name 





| canest | apply | Her | 





6 Click Add, select the user, resource, distribution list, eDirectory group, or organizational role 
you want to add as a member, then click OK to add the member to the list. 


Properties of Programmers 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 
Membership 


Membership: 





Members [ Participation [ First Name Last Name 
askoczylas Development.Provot To Alfons Skoczylas 








Page Options... OK | Cancel | Apply | 








By default, the member is added as a primary recipient (To: recipient). 


7 If you want to change the member’s recipient type, select the member, click Participation, then 
click To, CC, or BC. 


8 Repeat Step 6 and Step 7 to add additional members. 
9 Click OK to save your changes. 
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18.2 Adding Members to a Distribution List 


Distribution lists can contain users, resources, groups, organizational roles, and other distribution 
lists. 


1 In ConsoleOne®, right-click the Distribution List object, then click Properties. 
2 Click GroupWise > Membership to display the Membership page. 


Properties of Programmers 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Membership 


Membership: 





| Participation [ First Name Last Name 





Page Options... ok | Cancel | apply 








3 Click Add, select the user, resource, distribution list, group, or organizational role you want to 
add as a member, then click OK to add the member to the list. 


If you want to add an external user that is not listed for selection, see Section 18.9, “Adding 
External Users to a Distribution List,” on page 276. 


Properties of Programmers 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 
Membership 


Membership: 








Members [ Participation [ First Name Last Name 
askoczylas Development Provot To Alfons Skoczylas 








Page Options... ok | canost | Apply | Hep | 








By default, the selected member is added as a primary recipient (To: recipient). 
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4 Ifyou want to change the member’s recipient type, select the member, click Participation, then 
click 70, CC, or BC. 


5 Repeat Step 3 and Step 4 to add additional members. 
6 Click OK to save your changes. 
Distribution lists are typically managed by an administrator in ConsoleOne. Starting in GroupWise 


7, users can be granted rights to modify distribution lists, as described in Section 18.6, “Enabling 
Users to Modify a Distribution List,” on page 270. 


In addition, GroupWise client users can create shared address books and then create groups within 
those shared address books so that the groups are available to all users with whom the address book 
is been shared. The creator of the shared address book can give other users read only rights, or can 
choose to grant them additional rights for adding, editing, and deleting information. For more 
information about shared address books, see “Sharing an Address Book with Another User” in 
“Using the Address Book” in the GroupWise 7 Windows Client User Guide. 


18.3 Removing Members from a Distribution List 


When you remove users’ or resources’ GroupWise accounts, delete groups, delete organizational 
roles, or delete distribution lists, they are automatically removed from any distribution lists in which 
they have membership. 


To manually remove members from a distribution list: 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 
2 Click GroupWise > Membership to display the Membership page. 


3 Select the member you want to remove from the list, then click Delete. 


18.4 Moving a Distribution List 


If necessary, you can move a distribution list from one post office to another. For example, you 
might need to move a distribution list from a post office you are removing. 


The distribution list retains the same name on the new post office as it has on the current post office. 
If another user, resource, or distribution list assigned to the new post office has the same name, you 
must rename one of them before you move the distribution list. For details, see Section 18.5, 
“Renaming a Distribution List,” on page 270. 


To move a distribution list: 


1 In ConsoleOne, right-click the Distribution List object in the GroupWise View, then click Move 
to display the GroupWise Move dialog box. 





IMPORTANT: You must select the Distribution List object in the GroupWise View. If you 
select the object in the standard Console View, you will move the Distribution List object from 
one container to another, not the distribution list from one post office to another. 





GroupWise Move Programmers 


Move to post office: 


| 8 








Cancel Help 
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2 Select the post office to which you want to move the distribution list, then click OK to move the 
distribution list. 


18.5 Renaming a Distribution List 


Situations might arise where you need to give a distribution list a new name. For example, you 
might need to move the distribution list to another post office that already has a user, resource, or 
distribution list with the same name. 


To rename a distribution list: 


1 In ConsoleOne, right-click the Distribution List object in the GroupWise View, then click 
Rename to display the Rename dialog box. 


New name: 


Cancel 


[ Save old name 
Help 





2 Inthe New Name field, specify the new name for the distribution list. 


3 Make sure the Save Old Name box is not selected. Saving the old name causes duplicate 
distribution lists to appear in the Address Book. 


4 Click OK to rename the distribution list. 


18.6 Enabling Users to Modify a Distribution List 


In ConsoleOne, you can grant rights to users to modify distribution lists from the Group Wise 
Windows client. However, users cannot create or delete distribution lists; that can be done only in 
ConsoleOne by an administrator. 


To grant edit rights to a specific distribution list to one or more users: 


1 Browse to and right-click a Distribution List object, then click Properties. 


2 Click GroupWise > Administration. 
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Properties of Programmers 


Object ID Post Office 











3 Click Add, then select one or more users who can edit the distribution list. 
4 Click OK to grant the rights. 
5 Notify the users that they have rights to modify the distribution list. 


To give a specific user rights to edit one or more distribution lists: 
1 Browse to and right-click a User object, then click Properties. 
2 Click GroupWise > Distribution List Administration. 


Properties of mbarnard K) 


Security v | Login Methods -| General v IK Restrictions -| Memberships ~| Securt (4[»] 
L 








Object ID | Post Office Í Domain 








Page Options... 








3 Click Add, then select one or more distribution lists for the user to edit. 
4 Click OK to grant the rights. 
5 Notify the user that he or she has rights to modify the distribution lists. 


Creating and Managing Distribution Lists 271 


In the GroupWise client, the editable distribution list does not appear any different to the user 
who has rights to edit it, except that Add and Remove are active for that user. 


18.7 Deleting a Distribution List 


To delete a single distribution list: 


1 In ConsoleOne, right-click the Distribution List object, then click Delete. 
2 Click Yes to confirm the deletion. 


To delete multiple distribution lists that belong to the same post office: 


1 In ConsoleOne, right-click the Post Office object, then click Properties. 
2 Click GroupWise > Distribution Lists. 

3 Select one or more distribution lists, then click Delete. 

4 Click OK to complete the deletion. 


18.8 Managing E-Mail Addresses 


To ensure that distribution list addresses meet your needs, GroupWise enables you to determine the 
format and visibility of addresses, as well as create additional names for distribution lists. The 
following sections provide details: 

+ Section 18.8.1, “Changing a Distribution List’s Internet Addressing Settings,” on page 272 

¢ Section 18.8.2, “Changing a Distribution List’s Visibility in the Address Book,” on page 274 

+ Section 18.8.3, “Creating a Nickname for a Distribution List,” on page 275 


18.8.1 Changing a Distribution List’s Internet Addressing 
Settings 


By default, a distribution list inherits its Internet address settings (preferred Internet address format, 
allowed address formats, and Internet domain name) from its post office, domain, or GroupWise 
system. If necessary, you can override these settings for a distribution list. 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 
2 Click GroupWise, then click Internet Addressing to display the Internet Addressing page. 
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Properties of Programmers 


Override | Preferred Address format: 
= 








Preferred EMail ID: 





(internet domain name 
Defined at: Corporate Mail 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 





Defined at: Corporate Mail 
I” For incoming mail, recipients are known exclusively by this Internet domain name 





Page Options... | Cancel | 





3 To override one of the settings, select the Override box, then change the setting. 


Preferred Address Format: The preferred address format determines how the distribution 
list’s address is displayed in the GroupWise Address Book and in sent messages. 


At the distribution list level, only three preferred address formats are available. The address 
formats that include first name, last name, and first initial do not apply to distribution lists, so 
they are not available. 


You can completely override the address format by explicitly defining the user portion of the 
address (user@IJnternet domain name). The user portion can include any RFC-compliant 
characters (no spaces, commas, and so forth). The distribution list name portion must be unique 
within its Internet domain. This means that a distribution list name can be used multiple times 
in your GroupWise system, provided it is used only once in each Internet domain. 


Allowed Address Formats: The allowed address formats determine which address formats 
can be used to send messages to the distribution list. 


Only the UserID.Post Office@Internet domain name and UserID@Jnternet domain name 
formats are valid for distribution lists. The formats that include first name, last name, and first 
initial are not valid. 


For example, using DL1 as the distribution list ID, Research as the post office, and novell.com 
as the Internet domain, if you select the two valid formats, members of the distribution list 
receive messages sent using either of the following addresses: 


dil.research@novell.com 
dll @novell.com 


Internet Domain Name: The Internet domain name, along with the preferred address format, 
is used when constructing the e-mail address that is displayed in the GroupWise Address Book 
and in the To field of sent messages. 


Only the Internet domain names that have been defined are displayed in the list. Internet 
domain names must be defined at the system level (Tools > GroupWise System Operations > 
Internet Addressing). For more information, see Section 45, “Configuring Internet 
Addressing,” on page 703. 
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If you override the Internet domain name, the For Incoming Mail, Recipients are Known 
Exclusively by This Internet Domain Name option becomes available. Enable this option if you 
only want the distribution list to be able to receive messages addressed with this Internet 
domain name. If you don’t enable this option, the distribution list receive messages addressed 
using any of the Internet domain names assigned to your Group Wise system. 


4 Click OK to save your changes. 


18.8.2 Changing a Distribution List’s Visibility in the Address 
Book 


A distribution list’s visibility level determines which users see the distribution list in the Address 
Books. You can control the availability of a distribution list by displaying it in the Address Book for 
all users in your Group Wise system, in the Address Book for those users in the distribution list’s 
domain only, in the Address Book for those users on the distribution list’s post office only, or not 
displaying it at all. 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 


Properties of Programmers 


“| Nos Rights v | Other | Rights to Files and Folders | 


Distinguished Name: Programmers.GroupWise 





Post Office: Provo1 Development 





Description: 





Visibility: Post Office 











Replication Override: Replicate according to visibility 





Page Options... | Cancel | 





2 Inthe Visibility field, select the desired visibility level. 


System: The distribution list is displayed in the Address Book for all users in your Group Wise 
system. 


Domain: The distribution list is displayed in the Address Book for all users in the distribution 
list’s domain. 


Post Office: The distribution list is displayed in the Address Book for all users on the 
distribution list’s post office. 


None: The distribution list not displayed in the Address Book. 
3 Click OK to save your changes. 
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18.8.3 Creating a Nickname for a Distribution List 


Each distribution list has a specific GroupWise address consisting of the distribution list’s name, 
post office, and domain (distribution_list_name.post_office.domain). You can assign one or more 
nicknames to a distribution list to give it an alternate address. Each part of the address 
(distribution_list_name, post_office, and domain) can be different than the distribution list’s actual 
address. 


For example, you might want to create a nickname for a distribution list you have just moved (see 
Section 18.8.3, “Creating a Nickname for a Distribution List,” on page 275) or renamed (see 
Section 18.5, “Renaming a Distribution List,” on page 270). The nickname, which would be the 
distribution list’s old address, would ensure that any use of the old address would result in the new 
address being used instead. 


Nicknames are not displayed in the Address Book, which means users need to know the nickname to 
use it. 


To create a nickname for a distribution list: 
1 In ConsoleOne, right-click the Distribution List object, then click Properties. 


2 Click GroupWise > Nicknames to display the Nicknames page. 


Properties of Programmers 
IDS Rights + | Other | Rights to Files and Folders | 











Object ID | Domain Post Office 











Page Options... 





Create Nickname 


Creating nickname for Programmers Groupise 








Domain.PO: | 





Object ID: [ 





visibility: [System 





Given Name: | 





Last Name: | 


Expiration Date: T Enable rey 





| Cancel | Help | 
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4 Fill in the following fields: 


Domain.PO: Select the post office where you want to assign the nickname. This can be any 
post office in your GroupWise system; it does not have to be the distribution list’s post office. 


Object ID: Specify the name to use as the distribution_list_name portion of the nickname. 
Visibility: Ignore this field. Nicknames are not displayed in the Address Book. 

Given Name: Ignore this field. It is not used for distribution list nicknames. 

Last Name: Ignore this field. It is not used for distribution list nicknames. 


Expiration Date: If you want the nickname to no longer work after a certain date, click Enable 
and then select the desired date. 


5 Click OK to add the nickname to the list. 
6 Click OK to save the changes to the Distribution List object. 


18.9 Adding External Users to a Distribution List 


Members of distribution lists must have corresponding eDirectory™ objects. If you want to add 
users to a distribution list, and the users do not belong to your GroupWise system, you must create 
objects to represent these external users within your GroupWise system. 


+ Section 18.9.1, “Creating an External Domain,” on page 276 
+ Section 18.9.2, “Creating an External Post Office,” on page 276 
+ Section 18.9.3, “Creating an External User,” on page 276 
For more information, see Section 6.7, “Adding External Users to the GroupWise Address Book,” 


on page 95. 


18.9.1 Creating an External Domain 


You create an external domain to represent the world outside your GroupWise system. 


1 In ConsoleOne, right-click GroupWise System, then click New > External Domain. 


2 Provide a unique name for the domain, then click OK. 


18.9.2 Creating an External Post Office 


You create an external post office in the external domain to hold External User objects. 


1 In ConsoleOne, right-click the External Domain object, then click New > External Post Office. 


2 Provide a unique name for the post office, then click OK. 


18.9.3 Creating an External User 


You create an external user so that it can be selected when adding members to a distribution list. 


1 In ConsoleOne, right-click the External Post Office object, then click New > External User. 
2 Provide a unique name for the user, then click OK. 


3 Right-click the new External User object, then click Properties. 
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NOORA 


On the Identification page, fill in at least the first and last names. 
Click Group Wise > Internet Addressing. 
Select Override. 


Select the preferred addressing format depending on how you want e-mail to this user to be 
addressed. 


or 
Provide a preferred e-mail ID. 


Click OK to save the user information. 


9 Follow the instructions in Section 18.2, “Adding Members to a Distribution List,” on page 268 


to add the external user to a distribution list. 
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Using eDirectory Groups as 
GroupWise Distribution Lists 


Novell® eDirectory™ groups can be configured to function as GroupWise® distribution lists. 


+ Section 19.1, “Setting Up an eDirectory Group for Use in GroupWise,” on page 279 


+ Section 19.2, “Seeing Which Members of an eDirectory Group Have GroupWise Accounts,” 
on page 280 


¢ Section 19.3, “Changing a Group’s Visibility in the Address Book,” on page 281 
+ Section 19.4, “Moving a Group,” on page 281 

+ Section 19.5, “Renaming a Group,” on page 282 

+ Section 19.6, “Removing a Group from GroupWise,” on page 282 


19.1 Setting Up an eDirectory Group for Use in 
GroupWise 
By default, eDirectory groups are not automatically available for use as distribution lists in 
GroupWise. To make an eDirectory group available, you need to assign it to a GroupWise post 
office. 

1 In ConsoleOne®, right-click the Group object, then click Properties. 

2 Click GroupWise > Account to display the Account page. 


Properties of Help Desk 


General v | Security Equal To Me | GroupWise | NDS Rights v | Other | Rights to Files and Folders | 
Account 





Post Office: Provol Development 











Visibility: Post Office 


Page Options... Cancel 








3 Fill in the following fields: 


Post Office: Select the post office where you want to assign the group. You can choose any 
post office you want. If you plan to limit visibility of the group to users on a specific post office 
or in a specific domain, you should select that post office or a post office in the desired domain. 
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Visibility: Select the level at which the group is visible in the Address Book. System enables 
the group to be visible to all users in your GroupWise system. Domain enables the group to be 
visible to all users in the same domain as the group. Post Office enables the group to be visible 
to all users on the same post office as the group. Setting the visibility to None means that the 
group is not visible at any level. However, even if the group is not displayed in a user’s Address 
Book, he or she can use the group by typing the group’s name in a message’s To field. 


4 Click OK to save the changes. 


The group is now treated like a GroupWise distribution list and is visible in the GroupWise View 
when you filter on distribution lists. 


When GroupWise users send messages to the group, only those group members who have 
GroupWise accounts receive messages. 


For information about using dynamic groups with GroupWise, see TID 3074853 in the Novell 
Support Knowledgebase (http://www.novell.com/support). 


19.2 Seeing Which Members of an eDirectory 
Group Have GroupWise Accounts 


eDirectory groups can include members who have GroupWise accounts and members who do not 
have GroupWise accounts. When the group is used to address a message, only those members who 
have GroupWise accounts receive the message. 


To see which members have GroupWise accounts and which ones do not: 


1 In ConsoleOne, select the Group object, then click Tools > GroupWise Diagnostics > Display 
Object. 


GroupWise Diagnostics 





GroupVVise information for selected object 


Description Value 
z 


Family 1 

Last Modified At Provo1 

Last Modified By (CORP. TREE) admin Docdev Novell 

Unlisted 0 

Distribution List Type Role 

Hemisphere 1 

GUID 71C31030-166F-0000-BAOD-5C00BD000B00 

Member To Provo1 Development mpalu 

Domain Name Provo1 

| act Madifination Thiweday laniary 18 NNT 29042 AM GMT NT-NN 
4 








AL 





eDirectory information for selected object 





Description Value 
Eguivalent To Me aslater.Users Docdev Novell 
zlucas Users Docdey Novell 
mpalu Users Docdey Novell 
NG: Visibility 4 
moditiersName CN=admin OU=Docdev O=Novell 
GUID 80FCDD7E08E8D91 1 8ED100C04F476EBC 
Role Occupant aslater Users Docdev Novell 
zlucas Users Docdev Novell 
mpalu. Users Docdev Novell 
NG: GroupWise ID Provo1 Development Help Desk(11058C05EB60-0928-0000-B745-7B0068007500 


pandi 














ormatorehtama Charmin AI Han dau A-Nnval 
1 





OK 





The top window displays the members who have GroupWise accounts. The bottom window 
displays all members. 
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2 When you’ve finished viewing the information, click OK. 


19.3 Changing a Group’s Visibility in the 
Address Book 


An eDirectory group’s visibility level determines which users see the group in the Address Books. 
You can control the availability of a group by displaying it in the Address Book for all users in your 
GroupWise system, in the Address Book for those users in the group’s domain only, in the Address 
Book for those users on the group’s post office only, or not displaying it at all. 


1 In ConsoleOne, right-click the Group object, then click Properties. 
2 Click GroupWise > Account to display the Account page: 


Properties of Help Desk 


General v | Security Equal To Me | GroupWise | NDS Rights v~ | Other | Rights to Files and Folders | 
Account 





Post Office: Provo Development 











Visibility: Post Office 








Page Options... | Cancel | 


3 Inthe Visibility field, select the desired visibility level. 
System: The group is displayed in the Address Book for all users in your GroupWise system. 
Domain: The group is displayed in the Address Book for all users in the group’s domain. 


Post Office: The group is displayed in the Address Book for all users on the group’s post 
office. 


None: The group is not displayed in the Address Book. 
4 Click OK to save your changes. 


19.4 Moving a Group 


If necessary, you can move an eDirectory group from one post office to another. For example, you 
might need to move a group from a post office you are removing. 


The group retains the same name on the new post office as it has on the current post office. If 
another object (user, resource, distribution list, group, or organizational role) assigned to the new 
post office has the same name, you must rename one of them before you move the group. For 
details, see Section 18.5, “Renaming a Distribution List,” on page 270. 
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To move an eDirectory group from one post office to another: 


1 In ConsoleOne, right-click the Group object in the GroupWise View, then click Move to display 
the GroupWise Move dialog box. 





IMPORTANT: You must select the Group object in the GroupWise View. If you select the 
object in the standard Console View, you will move the Group object from one eDirectory 
container to another, not the group from one post office to another. 





GroupWise Move Help Desk 


Move to post office: 





| Cancel | Help 








2 Select the post office to which you want to move the group, then click OK to move the group. 


19.5 Renaming a Group 


Situations might arise where you need to give an eDirectory group a new name. For example, you 
might need to move the group to another post office that already has an object (user, resource, 
distribution list, group, or organizational unit) with the same name. 


When you rename an eDirectory group, you rename the Group object. This means that not only are 
you changing the name in GroupWise, but also in eDirectory. 


1 In ConsoleOne, right-click the Group object, then click Rename to display the Rename dialog 
box. 


New name: 





eto Des 


[ Save old name 








2 Inthe New Name field, specify the new name for the group. 


3 Make sure the Save Old Name box is not selected. Saving the old name causes duplicate groups 
to appear in the Address Book. 


4 Click OK to rename the group. 


19.6 Removing a Group from GroupWise 


If you decide that you no longer want an eDirectory group to be a distribution list in GroupWise, you 
can remove its association with a GroupWise post office, so that it returns to being just an 
eDirectory group. 


1 In ConsoleOne, right-click the Group object, click Delete, then click Yes to confirm that you 
want to delete the object. 
2 Inthe eDirectory Account box, deselect Delete to retain the Group object in eDirectory. 


The Delete option in the GroupWise Account box is selected by default and cannot be 
deselected. 
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3 Click OK twice to complete the deletion. 
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Using eDirectory Organizational 
Roles as GroupWise Distribution 
Lists 


Organizational roles can be configured to function as Group Wise” distribution lists. 


+ Section 20.1, “Setting Up an Organizational Role for Use in Group Wise,” on page 285 


+ Section 20.2, “Seeing Which Members of an Organizational Role Have Group Wise Accounts,” 
on page 286 


+ Section 20.3, “Changing an Organizational Role’s Visibility in the Address Book,” on page 287 
+ Section 20.4, “Moving an Organizational Role,” on page 287 
+ Section 20.5, “Renaming an Organizational Role,” on page 288 


+ Section 20.6, “Removing an Organizational Role from GroupWise,” on page 289 


20.1 Setting Up an Organizational Role for Use in 
GroupWise 
By default, Novell® eDirectory™ organizational roles are not automatically available for use as 


distribution lists in Group Wise. To make an organizational role available, you need to assign it to a 
GroupWise post office. 


1 In ConsoleOne®, right-click the Organizational Role object, then click Properties. 
2 Click the Group Wise tab to display the Account page. 


Properties of GroupWise Admii 


General v | Security Equal To Me 





Post Office: Provo1 Development 











Visibility: Post Office 





Page Options... Cancel 





3 Fill in the following fields: 
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Post Office: Select the post office where you want to assign the organizational role. You can 
choose any post office you want. If you plan to limit visibility of the organizational role to users 
on a specific post office or in a specific domain, you should select that post office or a post 
office in the desired domain. 


Visibility: Select the level at which the role is visible in the Address Book. System enables the 
role to be visible to all users in your GroupWise system. Domain enables the role to be visible 
to all users in the same domain as the role. Post Office enables the role to be visible to all users 
on the same post office as the role. Setting the visibility to None means that the role is not 
visible at any level. However, even if the role is not displayed in a user’s Address Book, he or 
she can use the role by typing the role’s name in a message’s To field. 


4 Click OK to save the changes. 


The organizational role is now treated like a GroupWise distribution list and is visible in the 
GroupWise View when you filter on distribution lists. 


When Group Wise users send messages to the organization role, only those role members who have 
GroupWise accounts receive messages. 


20.2 Seeing Which Members of an 
Organizational Role Have GroupWise Accounts 


eDirectory organizational roles can include members who have Group Wise accounts and members 
who do not have GroupWise accounts. When the organizational role is used to address a message, 
only those members who have Group Wise accounts receive the message. 


To see which members have GroupWise accounts and which ones do not: 


1 In ConsoleOne, select the Organizational Role object, then click Tools > GroupWise 
Diagnostics > Display Object. 


GroupWise Diagnostics 





GroupWise information for selected object 


Description Value 
[GroupWise Administrators 


Family 1 

Last Modified At Provo1 

Last Modified By (CORP. TREE) admin Docdey Novell 

Unlisted 0 

Distribution List Type Role 

Hemisphere 1 

GUID D?7BAC340-1661 -0000-BA0D-5COOBDO00B00 

Member To Provo2 Sales mdelatorre 

Domain Name Provo1 

| act Madifination Thiweday lanier 48 INT 270-42 AM GMT NTAN 
4 








AL 





eDirectory information for selected object 





Description Value 
Equivalent To Me mdelatorre Users.Docdev Novell 
aslater Users Docdev Novell 
zlucas Users Docde Novell 
NG Visibility 1 
moditiersName CN=admin, OU=Docdev O=Novell 
GUID 00841F445EE7D9118ED100C04F476EBC 
Role Occupant mdelatorre Users Docdev Novell 
aslater Users Docdev Novell 
zlucas Users Docdey Novell 
NGV GroupWise ID Provoi Development GroupWise Administrators{1 10 }6COSEB60-0928-0000-6745-7B0068007 = 


letoch Chi sin Al tenner Alea ki 
(i) 


OK 
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The top window displays the members who have GroupWise accounts. The bottom window 
displays all members. 


2 When you’ve finished viewing the information, click OK. 


20.3 Changing an Organizational Role’s Visibility 
in the Address Book 


An organizational role’s visibility level determines which users see the role in the Address Books. 
You can control the availability of a role by displaying it in the Address Book for all users in your 
Group Wise system, in the Address Book for those users in the role’s domain only, in the Address 

Book for those users on the role’s post office only, or not displaying it at all. 


1 In ConsoleOne, right-click the Organizational Role object, then click Properties. 
2 Click GroupWise > Account to display the Account page: 


Properties of GroupWise Administrators 


General v | Security Equal To Me |: 





Post Office: Provo1 Development 











Visibility: Post Office 


Page Options... | cancer | 








3 Inthe Visibility field, select the desired visibility level. 


System: The organizational role is displayed in the Address Book for all users in your 
Group Wise system. 


Domain: The organizational role is displayed in the Address Book for all users in the role’s 
domain. 


Post Office: The organizational role is displayed in the Address Book for all users on the role’s 
post office. 


None: The organizational role is not displayed in the Address Book. 


4 Click OK to save your changes. 


20.4 Moving an Organizational Role 


If necessary, you can move an organizational role from one post office to another. For example, you 
might need to move an organizational role from a post office you are removing. 
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The organizational role retains the same name on the new post office as it has on the current post 

office. If another object (user, resource, distribution list, group, or organizational role) assigned to 
the new post office has the same name, you will need to rename one of them before you move the 
organizational role. For details, see Section 18.5, “Renaming a Distribution List,” on page 270. 


To move an organizational role from one post office to another: 


1 In ConsoleOne, right-click the Organizational Role object in the GroupWise View, then click 
Move to display the GroupWise Move dialog box. 





IMPORTANT: You must select the Organizational Role object in the GroupWise View. If you 
select the object in the standard Console View, you will move the Organizational Role object 
from one eDirectory container to another, not the group from one post office to another. 





GroupWise Move GroupWise Administrators (EI) 


al 


Move to post office: 





| Cancel | Help | 








2 Selectthe post office to which you want to move the organizational role, then click OK to move 
the organizational role. 


20.5 Renaming an Organizational Role 


Situations might arise where you need to give an organizational role a new name. For example, you 
might need to move the organizational role to another post office that already has an object (user, 
resource, distribution list, group, or organizational unit) with the same name. 


When you rename an organizational role, you rename the Organizational Role object. This means 
that you are not only changing the name in GroupWise, but also in eDirectory. 


To rename an organizational role: 


1 In ConsoleOne, right-click the Organizational Role object, then click Rename to display the 
Group Wise Rename dialog box. 


New name: 





[ GroupWise Administrators 


I Save old name 





2 Inthe New Name field, specify the new name for the organizational role. 


3 Click OK to rename the organizational role. 
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20.6 Removing an Organizational Role from 
GroupWise 


If you decide that you no longer want an organizational role to be a public address list in 
Group Wise, you can remove its association with a Group Wise post office, so that it returns to being 
just an eDirectory organizational role. 


1 In ConsoleOne, right-click the Organizational Role object, click Delete, then click Yes to 
confirm that you want to delete the object. 


2 Inthe eDirectory Account box, deselect Delete to retain the Organizational Role object in 
eDirectory. 


The Delete option in the GroupWise Account box is selected by default and cannot be 
deselected. 


3 Click OK twice to complete the deletion. 
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Libraries and Documents 


+ Chapter 21, “Document Management Services Overview,” on page 293 
¢ Chapter 22, “Creating and Managing Libraries,” on page 299 

¢ Chapter 23, “Creating and Managing Documents,” on page 335 

+ Chapter 24, “Integrations,” on page 363 
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Document Management Services 
Overview 


GroupWise® Document Management Services (DMS) lets users create documents with integrated 
applications, save them, then easily locate a specific document later without knowing the 
application, a specific document name, or the document’s physical location. Users can create, share, 
locate, edit, view, and check out documents that are created under the management of GroupWise 
DMS. 


A GroupWise DMS system consists of the following components: 


+ Section 21.1, “Libraries,” on page 293 
+ Section 21.2, “Document Storage Areas,” on page 295 
+ Section 21.3, “Documents,” on page 295 


¢ Section 21.4, “Integrations,” on page 298 


21.1 Libraries 


A library is a set of documents and a database that allows the documents to be managed as a unit. A 
library must belong to a specific post office but can be accessed by users in other post offices. The 
Group Wise client enables users to store and manage their documents in the library. The Group Wise 
Post Office Agent (POA) transfers documents between the GroupWise client and the library. 


Figure 21-1 Relationship between the Library and the Clients, Applications, and Users Who Use It 
Library Post Office 
POA 


% 


C 
aa a 


GroupWise GroupWise GroupWise 





Client Client Client 
Integrated Integrated Integrated 


Application Application Application 


3 à à 
User User User 


In ConsoleOne®, a library can be viewed where it resides in the Novell® eDirectory™ tree. 
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Figure 21-2 ConsoleOne View Showing its Location in the eDirectory Tree 
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A library can also be viewed in relationship to the post office that owns it. 
Figure 21-3 ConsoleOne View Showing the Library in Relationship to Its Post Office 
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In the GroupWise Windows client, users can view a list of all the libraries to which they have access 
by clicking Tools > Options > Documents. 


Figure 21-4 GroupWise Documents Setup Dialog Box 


Documents Setup 


| Library Configuration | Integrations | General 
Library names: Properties... 


| Accounting Library 


| 
Development Library (Default Set Default 


Research Library | 
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NOTE: This feature is not available in the Cross-Platform client. 





Physically, a library consists of a set of directories and databases stored in the gwdms subdirectory 
of the post office, as illustrated in “Post Office Directory” in GroupWise 7 Troubleshooting 3: 
Message Flow and Directory Structure. 


For complete information on libraries, see Chapter 22, “Creating and Managing Libraries,” on 
page 299. 


21.2 Document Storage Areas 


Documents can be stored at the post office, as illustrated in “Post Office Directory” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. This is the simplest configuration, but it 
is not recommended for libraries where substantial growth is anticipated because documents stored 
at the post office cannot easily be moved to a different location where additional storage space is 
available. 


Preferably, documents should be stored outside the post office, in document storage areas. 
Document storage areas are physical locations, such as drive volumes, optical devices, hard drives 
on other servers, and so on. Document storage areas can be located anywhere that the POA can 
access them locally or using direct network access (mapped drive or mounted file system). 


A document storage area has the same internal directory structure that is used to store documents at 
the post office. The only difference is that a document storage area can be located anywhere in your 
system. Therefore, a document storage area can be moved easily, so it is easy to expand your 
document storage capacity if you store documents in a document storage area rather than at the post 
office. 


For complete information on document storage areas, see Section 22.6.2, “Managing Document 
Storage Areas,” on page 321. 


21.3 Documents 


Documents created using GroupWise DMS are not stored as individual files. Instead, documents are 
stored in database structures called binary large objects (BLOBs). A document and all of its versions 
are stored in the separate BLOB files. BLOBs are compressed (50% or more) to conserve storage 
space. BLOBs are encrypted to provide security. 


Because documents are stored in a database structure, information can be associated with each 
document that is not part of the document itself, such as: 


¢ Section 21.3.1, “Document Properties,” on page 295 
+ Section 21.3.2, “Document Types,” on page 296 
For complete information on documents, see Chapter 23, “Creating and Managing Documents,” on 


page 335. 


21.3.1 Document Properties 
Document properties are attributes that determine what users see on the document property sheets 


when they create DMS documents. In the GroupWise Windows client, the default document 
properties for a new document appear like this: 
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Figure 21-5 GroupWise Client New Document Dialog Box 


New Document 


Document | Version | Sharing | Activity Log 


Library: Development Library 


Document number: 











Subject: 








Document type: Document 








Author: provol.development.mpalu 
Creator: 

Date created: 1/19/2007 10:09 AM 
Official version: 0 


Current version: 





Open document now 

















NOTE: In the Cross-Platform client, you cannot create new documents in GroupWise. 





In ConsoleOne, the default document properties for a library are defined like this: 


Figure 21-6 ConsoleOne Document Properties Maintenance Window 


«« Document Properties Maintenance DAR 


ee Property Field Data Type | Lookup Table Required Read-only | Hidden Max Leng! Text Case 
G- -W Libraries A String 256 Mixed 
| ot ESE String 256 Mixed 
H- -§ Lookup Tables Number E 2 


Date 


Number - š 
String Document Type 65535 Mixed 
Number : x 

String 65535 Mixed 








The default document properties are often adequate, but for some libraries, additional customized 
document properties can be very useful. For example, the legal department might want Client and 
Matter fields to be required for most documents created by anyone in that department. 





NOTE: Document properties cannot be set in ConsoleOne on Linux. However, you can use 
ConsoleOne on Windows to set document properties for libraries that are located on Linux. 


21.3.2 Document Types 


The Document Type property defines how a document is disposed of when its “life” in the system 
has expired. It is a required field. Users select a document type each time they create a new 
document. 
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Figure 21-7 Lookup Dialog Box 


Document type 





Document 








Document 
Expense 
Form 
Graph 
Image 
Memo 
Minutes 
Misc 
Project 











Maximum versions: 100 
Life: 365 days 
Action: Archive 





A number of default document types are provided, as shown above. If needed, you can set up 
additional document types. For example, you could set up Pleading for the legal department, 
Spreadsheet for accounting, Correspondence for administration, RFP for marketing, White Paper for 
R&D, and so on. 


The document type establishes the following document characteristics: 


+ “Maximum Versions” on page 297 
+ “Expiration Actions” on page 298 


+ “Document Life” on page 298 


The following table lists some of the default document types and their default characteristics: 


Table 21-1 Document Types 


Document Type Maximum Versions Expiration Action Document Life 
Agenda 100 Archive 99 days 
Document 100 Archive 365 days 
Memo 1 Delete 99 days 
Minutes 100 Archive 99 days 

Misc 10 Archive 30 days 
Proposal 100 Archive 99 days 
Report 100 Archive 99 days 
Template 100 Archive 365 days 


Maximum Versions 


Users can create new versions of their documents when they revise them. Version numbers are 
automatically incremented. 


Any version of a document can be designated as the official version by the user. The official version, 
which is not necessarily the most recently edited version, is the one located in searches. Group Wise 
users have the right to designate an official version if they have Edit rights to the document. 
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Each document type property has a maximum number of versions (up to 50,000 per document). 
Most types have a default of 99 versions. A maximum of 0 (zero) versions means that documents of 
that type cannot have versions. 


Document Life 


Document life is the number of days that must pass between the time when a document is last 
accessed and when it is ready for archival or deletion. A document life value of 0 (zero) indicates 
that the document will never be available for archival or deletion. 


Expiration Actions 
When a document’s life expires, its associated expiration action takes place: 


Archive: The document is archived when it reaches its document life date. This is useful for 
important documents because archived documents can be unarchived. 


Delete: The document is automatically deleted when its document life date is reached. This is useful 
for documents that are temporary in nature. 


Retain: The document is not deleted or archived, and remains in the system indefinitely. This option 
is practical for documents that have a recurring use, such as template documents. 


21.4 Integrations 


Integrations serve as the “glue” between document-producing applications and your GroupWise 
DMS system. Integrations provide code specifically designed to allow function calls, such as Open 
or Save, to be redirected to the GroupWise Windows client. This allows GroupWise dialog boxes to 
be displayed instead of the application’s normal dialog boxes for the integrated functions. 
Integrations also allow GroupWise to pull documents from a library and deliver them to applications 
for modification. Then, integrations enable GroupWise to return modified documents to the library 
so that other users can access them. 





NOTE: The Cross-Platform client does not include integrations, which is why you cannot create 
and edit documents from the Cross-Platform client. 


For complete information on the integrations available for the Windows client, see Chapter 24, 
“Integrations,” on page 363. 
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When you first set up a new GroupWise® system, a basic library is automatically created for the first 
post office. A basic library is adequate when: 


+ Document management is not a primary activity of your GroupWise users. 


+ The library will store documents created and used by members of the post office that owns the 
library, or, if you do not need one basic library per post office, by all users within a domain. 


+ All documents will be stored at the post office or in a single document storage area external to 
the post office that owns the library. 


If your anticipated document management needs are more demanding than those listed above, you 
can set up one or more full-service libraries, where you can implement the full range of document 
management capabilities offered by GroupWise Document Management Services (DMS). 


NOTE: The Linux version of ConsoleOne® allows you to create libraries, but it does not allow you 
to set document properties as described in Section 23.2, “Organizing Documents,” on page 338. As 
you plan for libraries on Linux, keep in mind that the Cross-Platform client has only basic document 
management capabilities when compared with the Windows client, as described in “Working with 
Documents” in the GroupWise 7 Cross-Platform Client User Guide. 





To use one or more libraries as part of your GroupWise system, perform the following tasks as 
needed: 

+ Section 22.1, “Planning a Basic Library,” on page 299 

+ Section 22.2, “Setting Up a Basic Library,” on page 302 

+ Section 22.3, “Planning Full-Service Libraries,” on page 303 

+ Section 22.4, “Setting Up a Full-Service Library,” on page 315 

¢ Section 22.5, “Viewing a New Library in Your GroupWise System,” on page 318 

+ Section 22.6, “Managing Libraries,” on page 319 

+ Section 22.7, “Library Worksheets,” on page 331 





IMPORTANT: If you are creating a new library in a clustered GroupWise system, see the 
Group Wise 7 Interoperability Guide before you create the library. 





22.1 Planning a Basic Library 


An initial basic library was created along with the first post office when you set up your Group Wise 
system. That initial basic library is available for immediate use. However, you might want to change 
the location where documents are stored, as described in Section 22.1.4, “Deciding Where to Store 

Documents,” on page 301. You can also create additional basic libraries as needed. 
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This section provides the information you need in order to set up a new basic library. Section 22.7.1, 
“Basic Library Worksheet,” on page 331 lists all the information you need as you set up a basic 
library. You should print the worksheet and fill it out as you complete the tasks listed below: 


+ Section 22.1.1, “Selecting the Post Office That the Library Will Belong To,” on page 300 
+ Section 22.1.2, “Determining the Context for the Library Object,” on page 300 
+ Section 22.1.3, “Choosing the Library Name,” on page 300 
+ Section 22.1.4, “Deciding Where to Store Documents,” on page 301 
After you have completed the tasks and filled out the worksheet, you are ready to continue with 


Section 22.2, “Setting Up a Basic Library,” on page 302. 


22.1.1 Selecting the Post Office That the Library Will Belong To 


If you are creating a basic library for each post office in your GroupWise system, print a copy of 
Section 22.7.1, “Basic Library Worksheet,” on page 331 for each post office. 


If users in several post offices will store documents in the same basic library, you must decide which 
post office should own the library. A library can never be reassigned to a different post office, so you 
should choose the owning post office carefully. You should consider which users will use the library 
most frequently and where you might want to create additional libraries in the future. 


BASIC LIBRARY WORKSHEET 


Under Item 3: Post Office, specify the name of the post office that will own the new basic library. 


22.1.2 Determining the Context for the Library Object 


Generally, you should create the Library object in the same context as its post office. You cannot 
move a Library object after you have created it. 
BASIC LIBRARY WORKSHEET 


Under Item 1: eDirectory Container, specify the container for the Library object. 


22.1.3 Choosing the Library Name 


When you create the Library object, you must give the library a name. This is the name that is 
displayed in ConsoleOne. 


After you have specified the library’s name and created the Library object, the name cannot be 
changed. Therefore, if you have or will have other libraries, you should pick a name that uniquely 
identifies the library. For example, use the name to identify the post office it is assigned to. 


Do not use any of the following characters in the library’s name: 


ASCII characters 0-13 Comma , 


Asterisk * Double quote " 
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At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 


Braces { } Parentheses ( ) 
Colon : Period . 
By default, the library name that users see in the GroupWise client is the same as the Library object 


name. However, you can change the display name if you want it to be different from the Library 
object name. 


BASIC LIBRARY WORKSHEET 


Under Item 2: Library Name, specify the Library object name. 
Under Item 7: Library Description, provide a brief description of the planned use for the library. 


Under Item 8: Display Name, specify the library name you want users to see in the GroupWise client, if it 
is different from the Library object name. 


22.1.4 Deciding Where to Store Documents 


You can store documents at the post office in the post office\gwdms\library\docs 
subdirectory of the post office. You can later add document storage areas outside the post office if 
DMS usage grows. However, the documents stored at the post office can never be moved. 


A document storage area has the same internal directory structure that is used to store documents at 
the post office, but it can be located anywhere in your system. Document storage areas can be 
moved easily, so it is easy to expand your document storage capacity when you store documents in 
document storage areas rather than at the post office. 


You might want to set up a document storage area on the same server where the POA runs so as not 
to increase network traffic. The POA can index and serve documents to users most efficiently if the 
document storage area is located locally. 


BASIC LIBRARY WORKSHEET 


Under Item 4: Store Documents at the Post Office?, mark Yes or No. (No is recommended for permanent 
document storage). 


To define a document storage area, you must know its direct access path. For example, a UNC path 
specifies the absolute location of the document storage directory. 


Syntax: 


\\NetWare server\volume\storage directory 
\\Windows server\sharename\storage directory 


Example: 


\\nw65\gwdocs\docs 
\\winxp\c$\docs 





NOTE: On Linux, ConsoleOne interprets a UNC path so that the first item in the UNC path is the 
Linux server hostname, followed by a Linux path to the document storage area. 
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BASIC LIBRARY WORKSHEET 


If you entered No for Item 4, specify the direct access path under Item 6: Document Storage Area Path. 


Under Item 5: Document Storage Area Description, enter a useful description of the document storage 
area. (This description is displayed only in ConsoleOne.) 


If you need to add a document storage area to the initial library that was created with the first post 
office in your Group Wise system, use the Storage Areas properties page of the Library object in 
ConsoleOne to provide the direct access path, as described in “Adding a Document Storage Area” 
on page 321. 


22.2 Setting Up a Basic Library 


You should already have reviewed Section 22.1, “Planning a Basic Library,” on page 299 and filled 
out Section 22.7.1, “Basic Library Worksheet,” on page 331. Complete the following tasks to setup 
a new basic library: 

+ Section 22.2.1, “Creating the Basic Library,” on page 302 

+ Section 22.5, “Viewing a New Library in Your GroupWise System,” on page 318 


22.2.1 Creating the Basic Library 


To create a new library: 


1 Make sure the POA is running for the post office that will own the new basic library. 


2 In ConsoleOne, browse to and right-click the Novell® eDirectory™ container where you want 
to create the library (worksheet item 1), then click New > Object. 


New Object 


Create object in: 
2 CORP. TREE/GroupWise 





6 GroupWise Distribution List 
© GroupWise Domain 





= GroupWise Library 
Ch 





3 Double-click Group Wise Library, then fill in the fields in the Create GroupWise Library dialog 
box (worksheet items 2 through 6). 
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KS Create GroupWise Library 





Library Name: Lx ] 
sans Cancel 
GroupWise Post Office: 
Bi Help 
Document Storage Area 


Documents may be stored atthe post office 
orin one or more storage areas. Storage 
areas can also be added once the library has 
been created. 


[sess | 


IV Store documents at post office 


I Define additional properties 
T Create another Library 





4 Click Define Additional Properties, then click OK to create the Library object and display the 
library Identification page. 


Properties of Marketing Library 
General | NDS Rights + | Other | Rights to Files and Folders | 


Post Office: Prova3 Marketing 





Description: 








Start Version Number: 4 


Maximum Archive Size: 0 E Bytes 








Display Name: Marketing Library 


Distinguished Name: Marketing Library .GroupWise 


Page Options... | Cancel | 








5 Fill in the Description field (worksheet item 7). 

6 Ifnecessary, edit the Display Name field (worksheet item 8). 

7 Click OK to save the library information. 

8 Test the new library. See Section 22.5, “Viewing a New Library in Your GroupWise System,” 
on page 318. 


Although there are many configuration options for libraries and documents, as described in 
Section 22.3, “Planning Full-Service Libraries,” on page 303, no additional setup is required for a 
basic library. Group Wise client users can begin to store documents in the new library at once. 


22.3 Planning Full-Service Libraries 


If your document management requirements go beyond basic libraries, you can create one or more 
full-service libraries. You might or might not need to make use of all document management 
features in order to meet your DMS users’ needs. 
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This section covers everything you should consider when you set up full-service libraries. The “Full- 
Service Library Worksheet” on page 332 lists all the information you need as you set up a full- 
service library. You should print a copy of the worksheet for each library you plan to create. Fill out 
the worksheet for each library as you complete the tasks listed below. 

¢ Section 22.3.1, “Deciding Which Libraries to Create,” on page 304 

¢ Section 22.3.2, “Selecting the Post Offices To Own Libraries,” on page 308 

+ Section 22.3.3, “Determining the Contexts for Library Objects,” on page 308 

+ Section 22.3.4, “Choosing Library Names,” on page 308 

+ Section 22.3.5, “Deciding Where to Store Documents,” on page 309 

+ Section 22.3.6, “Setting Document Version Options,” on page 311 

+ Section 22.3.7, “Figuring Maximum Archive Directory Size,” on page 312 

¢ Section 22.3.8, “Designating Initial Librarians,” on page 312 

+ Section 22.3.9, “Restricting Initial Public Library Rights,” on page 313 

¢ Section 22.3.10, “Determining Your Indexing Needs,” on page 314 

+ Section 22.3.11, “Determining If You Need to Set Up Integrations for DMS Users,” on 

page 314 


After you have completed the above tasks and filled out the worksheets, you are ready to continue 
with Section 22.4, “Setting Up a Full-Service Library,” on page 315. 


22.3.1 Deciding Which Libraries to Create 


When designing a system of libraries for your GroupWise system, you should review the following 
considerations: 


+ “Library Access for DMS Users” on page 304 
+ “Centralized vs. Decentralized Library Configurations” on page 304 
+ “Library Specialization” on page 307 

Library Access for DMS Users 


Client/server access is the preferred access mode for Group Wise client users. It is the best access 
mode for DMS users because it enables them to access libraries outside their own post offices. 


For information about access modes, see Section 35.4, “Post Office Access Mode,” on page 468. 


Centralized vs. Decentralized Library Configurations 


Reorganizing existing libraries is not a simple process. Therefore, you should determine whether 
you want a centralized or decentralized library configuration before you start creating libraries. 


+ “Centralized Libraries” on page 305 
+ “Decentralized Libraries” on page 306 


+ “Comparative Scenarios” on page 307 
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Centralized Libraries 


Centralized libraries are located in a post office that is dedicated to libraries (no users). Centralized 
libraries are serviced by the POA in the dedicated DMS post office, as shown in the following 


illustration: 


Figure 22-1 Centralized Libraries 
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In the illustration, notice that all libraries belong to the DMS post office, which has no users. All 
GroupWise client users are using client/server access mode, which is required because there are no 
libraries in their local post offices. Each user has access to all four libraries through TCP/IP links to 


the DMS POA. 


The following table lists some advantages and disadvantages of centralized libraries: 
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Table 22-1 Centralized Libraries 


Advantages 


+ Administration can be consolidated, allowing 
one administrator to specialize in document 
management. 


+ Backup can be easier with hardware 
dedicated to one DMS post office, such as 
optical drives, RAID, fast backup units, and so 
on. 


+ Ifa post office server other than the one 
dedicated to libraries goes down, DMS access 
is unaffected for users in the remaining post 
offices. 


Decentralized Libraries 


Disadvantages 


* You must create and maintain a post office 
that is dedicated to libraries only (no users). 


+ This configuration guarantees that all 
document searching and accessing is back 
and forth between users’ post offices and the 
libraries’ post office, possibly degrading 
network performance. 


+ Ifthe post office server dedicated to libraries 
goes down, DMS is unusable for the whole 
GroupWise system. 


Decentralized libraries are located along with users in different post offices. Decentralized libraries 
are serviced by their own local POAs as shown in the following illustration: 


Figure 22-2 Decentralized Libraries 
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In the illustration, notice that each post office has its own library. Users can see each others’ libraries 
as well as their own because of client/server access mode. 


The following table lists some advantages and disadvantages of decentralized libraries 
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Table 22-2 Decentralized Libraries 


Advantages Disadvantages 
+ Network traffic is minimized because most ¢ Libraries and their documents are scattered 
document accessing are in users’ local post over different servers, adding to your 
offices. administrative workload (such as doing 


+ You do not need to maintain an extra DMS backups). 


post office dedicated to libraries only. 


+ Users in a post office where a library resides 
can use direct access mode if necessary. 


Comparative Scenarios 


The following scenarios further illustrate the differences between centralized and decentralized 
libraries: 


+ Assume that you assigned your first library to the same post office your users have membership 
in. By initially assigning a library to the same post office as your users, you establish a 
decentralized configuration for future libraries. You now want a centralized library 
configuration. However, because you cannot reassign the library to another post office, you 
must do one of the following: 


+ Create one or more new libraries under a DMS post office, export all of the documents 
from the first library and import them to the new libraries, delete the first library, and then 
ensure that users can locate their documents. 


+ Create one or more new libraries under a DMS post office and have your librarian use 
mass document operations to move the documents from the first library to the other 
libraries, delete the first library, and then ensure that users can locate their documents. 


+ Assume that you assigned your first library to a DMS post office that is used only for libraries. 
Now you can use either the centralized or decentralized library configuration for your 
additional libraries. The DMS post office can be used for all future libraries to create a 
centralized configuration, or you could assign future libraries to other post offices and leave 
that first one where it is, giving you a decentralized configuration. Setting up your first library 
on a post office server dedicated to only libraries allows you to use either configuration option. 
However, this method initially requires additional hardware and administration. 


Library Specialization 


You can create libraries for such user specialties as administration, accounting, development, human 
resources, legal, marketing, manufacturing, payroll, R&D, sales, shipping, and so on. You can also 
specialize libraries by such functions as general (for all users), administration (including legal and 
payroll), engineering and documentation development (R&D), marketing and sales, manufacturing 
and shipping, and so on. 


You can also use specialization to provide security for sensitive libraries. You do this by setting up 
access restrictions for the libraries. The default is for all DMS users to have access to all libraries in 
the GroupWise system. For more information about restricting library access, see Section 22.6.3, 
“Managing Library Access,” on page 324. 


Restricting library access can also improve users’ search time. When users install the GroupWise 
client on their workstations, they are either automatically assigned a default library (if there is one 
on their post office), or they are asked to select one from the libraries they have access to. By 
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default, DMS searches are performed only on the user’s default library. To search other libraries 
(“global” search), users can select other libraries using the Look In list in the Find dialog box. If you 
limit users’ access to libraries (perhaps by department), their global searches would also be faster. 


Another reason for creating specialized libraries could be for different library configuration needs. 
For example, each library could have specialized document types and document properties that 
would not be needed in other libraries. For a review of document types and properties, see 
Section 21.3, “Documents,” on page 295. For more detailed information, see “Customizing the 
Default Document Type Property” on page 339 and Section 23.2.1, “Customizing Document 
Properties,” on page 338. 


Specialization can also facilitate library management activities, such as controlling library 
accessibility for individual users or groups of users, or managing different uses of document types, 
document properties, or field label naming schemes. 


22.3.2 Selecting the Post Offices To Own Libraries 


As aresult of deciding whether you want to use a centralized or decentralized configuration for your 
libraries and whether or not you need specialized libraries, you should have a good idea of what post 
offices you want to create libraries in. 


If you are using a centralized configuration, create the DMS post office by following the instructions 
in Chapter 11, “Creating a New Post Office,” on page 155, then return to this point. 
FULL-SERVICE LIBRARY WORKSHEET 


Under Item 3: Post Office, specify the name of the post office that will own the new library. 


22.3.3 Determining the Contexts for Library Objects 


You can create a Library object in any container in the eDirectory tree. For example, you could 
create the Library object in the same container as its Post Office object. Or you could create it in a 
special container just for Library objects: 


The containers in which you place the Library objects have no bearing on whether your libraries are 
centralized or decentralized. Library objects can be located anywhere in the tree, no matter which 
post offices the libraries belong to. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 1: eDirectory Container, specify the name of the eDirectory container where you want to 
create the new library. 


22.3.4 Choosing Library Names 


A library’s name must be unique within the post office; it also must be unique within its container. 
You should devise a naming scheme that helps to identify all libraries in the GroupWise system. It 
can be useful to include within the library name an indication of which post office it belongs to. 


After you have specified the library’s name and created the Library object, the name cannot be 
changed. 
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Do not use any of the following characters in the library’s name: 


ASCII characters 0-13 Comma, 

Asterisk * Double guote " 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon: Period . 


By default, the library name that users see in the GroupWise client is the same as the Library object 
name. However, you can change the display name if you want it to be different from the Library 
object name. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 2: Library Name, specify the Library object name. 
Under Item 7: Library Description, provide a brief description of the planned use for the library. 


Under Item 10: Display Name, specify the library name you want users to see in the GroupWise client, if 
itis different from the Library object name. 


22.3.5 Deciding Where to Store Documents 


When deciding where to store documents, you should review the following considerations: 


+ “Document Storage Location” on page 309 
+ “Disk Space Requirements” on page 309 


+ “Direct Access Paths to Document Storage Areas” on page 310 


Document Storage Location 


Documents belonging to full-service libraries should not be stored at the post office. Instead, they 
should be stored in document storage areas. For a review, see Section 21.2, “Document Storage 
Areas,” on page 295. 


A library can have more than one document storage area. The only requirement is that the POA that 
services the library must have direct network access (mapped drive or mounted file system) to each 
storage area. 


You can set up one document storage area for each library as you create the Library object. 
Additional document storage areas can be set up using the Storage Areas properties page of the 
Library object, as described in “Adding a Document Storage Area” on page 321. 


Disk Space Requirements 


You need to know the disk space requirements for your libraries in order to choose appropriate 
locations for document storage areas. 
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If you have chosen a centralized library configuration, your document storage areas are all serviced 
by the POA of the DMS post office. Therefore, you can calculate the disk space requirements for 
your GroupWise system as a whole. If you have chosen a decentralized configuration, document 
storage areas are located throughout your GroupWise system. Therefore, disk space requirements 
must be calculated separately for each library. 


If your current document storage statistics are an accurate indicator for a given library or for your 
system, use them for calculating your disk space requirements. Otherwise, use the following formula 
for determining DMS storage needs: 


Formula: 
Number of Users 
x Average Number of Documents per User 
x Average Document Size 
x Average Number of Versions per Document 


Disk Space Required for Library 


Example: 
250 Users 
x 200 Documents per User 
x 50 KB per Document 
x 10 Versions per Document 


25 GB of Disk Space 


Users might create a new version of a document any time they revise it. Because all versions of a 
document are saved in BLOB storage with the original document, disk space can be used up 
quickly! If you know how many versions per document your users average, use that value in the 
formula; otherwise, allow for an average of at least ten versions per document. 


If your Average Document Size value for the formula is based on non-GroupWise documents, they 
will be compressed by about 50% after they have been imported into Group Wise and stored in 
BLOBs. 


You should research your current or expected document usage before deciding where to store 
documents. 
FULL-SERVICE LIBRARY WORKSHEET 


Under Item 7: Document Usage Estimate, enter the requested values and calculate the resulting disk 
space requirements. 


If your values are calculated for the system (rather than per library), enter this information on only one of 
the worksheets. 
Direct Access Paths to Document Storage Areas 


To define a document storage area, you need to know its direct access path. For example, a UNC 
path specifies the absolute location of the document storage directory. 


Syntax: 


\\NetWare server\volume\storage directory 
\\Windows_server\sharename\storage directory 
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Example: 


\\nw65\gwdocs\docs 
\\winxp\c$\docs 





NOTE: On Linux, ConsoleOne interprets a UNC path so that the first item in the UNC path is the 
Linux server hostname, followed by a Linux path to the document storage area. 





You might want to set up a document storage area on the same server where the POA runs so as not 
to increase network traffic. The POA can index and serve documents to users most efficiently if the 
document storage area is located locally. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 6: Document Storage Area Path, specify the direct access path. 


Under Item 5: Document Storage Area Description, provide a useful description of the document storage 
area. (This description is displayed only in ConsoleOne.) 


22.3.6 Setting Document Version Options 


When you create a new library, you can establish how document versions are handled. For an 
overview of document versioning, see “Maximum Versions” on page 297. 


+ “Official Version” on page 311 
+ “Start Version Number” on page 311 


Restricting the maximum number of versions should be done after the library has been created, as 
described in Section 22.6.1, “Editing Library Properties,” on page 320. 


Official Version 

By default, any user can establish the official version of a document. However, you can remove that 
right from one or more users if needed. 

FULL-SERVICE LIBRARY WORKSHEET 


Under Item 11: Restrict Public Access Rights, cross out Designate Official Version if you want to 
eliminate that right for all users. 


You can later grant the Designate Official Version to specific users or distribution lists, as described in 
Section 22.6.3, “Managing Library Access,” on page 324. 
Start Version Number 


You must set the start number for each library to either 0 (zero) or 1. The default is 1. This number 
identifies the original document. 


Version numbers are automatically increased from the number you select. If you select 0, the first 
version of a document will be 000. If you select 1, the first version will be 001. 
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FULL-SERVICE LIBRARY WORKSHEET 


Under Item 8: Start Version Number, select 0 or 1. 


22.3.7 Figuring Maximum Archive Directory Size 


Documents created with GroupWise DMS can be archived, depending on their Document Type 
properties. A document’s type determines its disposition, such as archiving or deleting. For more 
information, see “Customizing the Default Document Type Property” on page 339. 


When you archive documents, their BLOB files are moved into archive directories. Each library in a 
document storage area has its own set of archive directories that are automatically created as needed. 
They are named arxxxxxx (where xxxxxx is an incremental integer with leading zeros). A document 
storage area has the same archive directory structure as the gwdms subdirectory in the post office, as 
illustrated in “Post Office Directory” in GroupWise 7 Troubleshooting 3: Message Flow and 
Directory Structure. 


When a document is archived, GroupWise determines if the document’s BLOB file can fit in the 
current archive directory. If it cannot fit, another archive directory is created and the BLOB is 
archived there. 


An archive set consists of all documents in one archive directory. The Maximum Archive Size 
property on the Library object establishes in bytes each archive directory’s size limit. You should set 
this to mirror the capacity of your archival medium (such as a CD). It should not be more than your 
archival medium’s capacity. 


It is usually better to keep archive sets small in comparison to the size of the backup medium. This 
lets you back up archive directories often enough to keep your hard disk space from being used up 
too quickly between backups. For example, if your backup medium has 1 GB capacity, you could 
limit your archive sets to a maximum archive size of 200 MB. 


If your archival system only lets you back up in one pass (in other words, you cannot perform 
consecutive backups to the medium), the Maximum Archive Size should match the archival 
medium’s capacity. 


Some archival mediums require extra space for recording file storage data, such as an index of the 
files stored to tape. Ten percent is usually sufficient. For example, a tape system with 100 MB 
capacity means you should set your Maximum Archive Size to 90 MB. 


Consult your archival medium documentation for information on setting up an effective backup 
strategy. Include in your strategy such concepts as multiple archive sets per backup medium, or 
allowing extra space for the medium’s file storage data. 


ADDITIONAL LIBRARIES WORKSHEET 


Under Item 9: Maximum Archive Size, enter a number (in bytes, with no abbreviations or commas). 


22.3.8 Designating Initial Librarians 
A librarian has full rights to the properties of every document in the library, and can therefore 


perform management tasks on all library documents. You can assign yourself as a librarian. You can 
also delegate these tasks by assigning responsible users in each library as librarians. Any GroupWise 
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user who normally has access to the library can be a librarian. You can also have multiple librarians 
for each library. 


When you first create a new library, you might want to simply designate yourself as the librarian and 
assign other users later. For more detailed information, see Section 22.6.4, “Adding and Training 
Librarians,” on page 326. 


ADDITIONAL LIBRARIES WORKSHEET 


Under Item 12: Librarians, list any users that you want to function as librarians for the new library. 


22.3.9 Restricting Initial Public Library Rights 


The rights to documents in a library apply to the library as a whole; therefore, they are referred to as 
public rights. By default, all public rights are granted to all users in a new library. 


You can restrict which GroupWise library features individual users or distribution lists should have 
by removing the public rights and then restoring them for selected users or distribution lists. 


The following table summarizes the public library rights: 


Table 22-3 Public Library Rights 


Public Right Description 

Add Allows users to add new documents to the library. 

Change Allows users to make changes to existing documents in the library. 

Delete Allows users to delete documents, regardless of who else created them or has 


rights to the documents. However, to be able to delete a document, users must also 
have rights to locate and modify the document (View and Change rights), in addition 
to the Delete right. 


View By itself, this right allows searching, viewing, or copying documents, but does not 
permit editing them. Copies can be edited, because a copy is saved as a separate 
document. Therefore, editing a copy does not affect the original document or any of 
its versions. 


Designate Official Allows any version of a document to be designated as the official version. The 
Version official version, which is not necessarily the most recently-edited version, is the one 
located in searches. 


The official version is usually determined by the creator or author of the document. 
However, the official version can be designated by the last user to edit the 
document (if the user has this right). A user also needs the Change right to the 
document to be able to designate an official version. However, you might still want 
to deselect this as an initial public right. 
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Public Right Description 


Reset In-Use Flag The In-Use flag protects against data loss by preventing multiple users from 
concurrently opening the same document. The purpose of the Reset In-Use Flag 
right is to allow a user or librarian to reset a document's status when the document 
is in use by someone else or when it is erroneously flagged as in use. 


Because you can manually reset the In-Use flag to change a documents status, 
even if the document is currently open, you should use prudence in allowing users 
the public right to change the In-Use flag. You might want to deselect this as a public 
right. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 11: Restrict Public Access Rights, cross out any public rights you want to eliminate for all 
users. 


You can later grant the rights to specified users or groups, as described in Section 22.6.3, “Managing 
Library Access,” on page 324. 


Rights to individual documents in a library can be modified at any time by the user listed as the 
creator or author of the document. Just because users might have public rights in a library does not 
mean that they have the equivalent rights to every document in the library. For additional 
information on rights, see “Sharing Documents” in “Creating and Working with Documents” in the 
GroupWise 7 Windows Client User Guide. 


22.3.10 Determining Your Indexing Needs 


The POA performs many tasks in the post offices, as described in Section 35.5, “Role of the Post 
Office Agent,” on page 469. Indexing documents is just one of its many functions. 


If necessary, you can configure an extra POA on another server to handle indexing. Separating POA 
functions can optimize the processing load for the respective POAs, particularly if your GroupWise 
system will regularly search and index a large number of documents. 


If you feel you might need dedicated indexing for DMS documents, see Section 23.3, “Indexing 
Documents,” on page 351 for in-depth information on different configurations. Then determine 
whether you need dedicated indexing. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 11: Dedicated POA for Indexing, mark whether or not you plan to set up a separate indexing 
POA. 


22.3.11 Determining If You Need to Set Up Integrations for DMS 
Users 


For an overview of integrations, see Section 21.4, “Integrations,” on page 298. To determine if you 
should set up integrations for a given application, see Chapter 24, “Integrations,” on page 363. 
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NOTE: This item does not apply if all of your users use the Cross-Platform client, where 


integrations are not available. 
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Under Item 14: Set Up Integrations, mark whether or not you need to manually set up integrated 


applications for your DMS users. 


22.4 Setting Up a Full-Service Library 


You should have already reviewed Section 22.3, “Planning Full-Service Libraries,” on page 303 and 
filled out Section 22.7.2, “Full-Service Library Worksheet,” on page 332 for each new library. 
Before starting to create new libraries, be sure your system meets the following prerequisites: 


+ 


+ 


Make sure the eDirectory contexts exist where you will create new Library objects. 


Make sure the post offices exist that will own the new libraries. If you are using a centralized 


configuration, make sure you have created the DMS post office that will own all the libraries by 
following the instructions in Chapter 11, “Creating a New Post Office,” on page 155. 


areas. 


Make sure the POA is running for each post office that will own a new library. 


Make sure you have access to the physical locations where you will set up document storage 


After the prerequisites are met, you are ready set up one or more full-service libraries. 


¢ Section 22.4.1, “Creating the Full-Service Library,” on page 315 


+ 


+ 


22.4.1 Creating the Full-Service Library 


Section 22.5, “Viewing a New Library in Your GroupWise System,” on page 318 
Section 22.4.2, “What’s Next,” on page 317 


Make sure you are logged in to the eDirectory tree where you want to create the library. 


This must be the same tree as the post office the library will belong to (worksheet item 3). 


New Object 


Create object in: 
&, CORP_TREE/GroupWise 


Class: 





88 GroupWise Distribution List 
Q GroupWWise Domain 
la) GroupWise External Entity 





7 GroupWise Library 
QA GroupWise Post Office 
(3 GroupWise Resource 


OK 


Cancel 


Help 








In ConsoleOne, browse to and right-click the eDirectory container where you want to create the 
library (worksheet item 1), then click New > Object. 


3 Double-click Group Wise Library, then fill in the fields in the New Library dialog box 


(worksheet items 2 through 6). 
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KS Create GroupWise Library 


Library Name: 





GroupWise Post Office: 
[ E| kep 
Document Storage Area 


Documents may be stored atthe post office 
orin one or more storage areas. Storage 
areas can also he added once the library has 
been created. 


Create Storage Area 


IV Store documents at post office 











I Define additional properties 
T Create another Library 





4 Click Define Additional Properties, then click OK to create the new Library object and display 
the library Identification page. 


Properties of Marketing Library 
À General | NDS Rights + | Other | Rights to Files and Folders | 


Post Office: Provo3 Marketing 


Description: 

Start Version Number: 1 = 
Maximum Archive Size: 0 S Bytes 

Display Name: Marketing Library 


Distinguished Name: Marketing Library .GroupWise 


Page Options... 





5 Fill in the fields (worksheet items 7 through 10). 
6 Click GroupWise > Rights to display the Rights page. 
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Properties of Development Library 


GroupWise v | General | NDS Rights v | Other | Rights to Files and Folders | 
Rights 


Public Rights 


IV Add V View 





IV Change [V Set official version 


IV Delete IV Reset in-use flag 


Individual or Distribution List Rights 








| Cancel | Apply 








7 Inthe Public Rights box, deselect any rights you want to remove from all library users 
(worksheet item 11). 


8 If you want to set up one or more librarians, click Add, browse to and select one or more users 
or distribution lists (worksheet item 12), then click OK. Select the users and distribution lists, 
then select Manage (Librarian) to give them rights to the properties of all documents in the 
library. 


9 Click OK to save the library information. 


10 Test the library. See Section 22.5, “Viewing a New Library in Your GroupWise System,” on 
page 318. 


22.4.2 What's Next 


After you have created the new library, you can expand its capabilities as needed: 
+ Import and manage documents. See Chapter 23, “Creating and Managing Documents,” on 
page 335 


¢ Set up integrated applications for DMS users (worksheet item 14). See Chapter 24, 
“Integrations,” on page 363 


¢ Grant library rights to specific users or distribution lists. See Section 22.6.3, “Managing 
Library Access,” on page 324. 


+ Assign librarians. See Section 22.6.4, “Adding and Training Librarians,” on page 326. 
¢ Set up multiple document storage areas. See “Adding a Document Storage Area” on page 321. 


+ Set up a dedicated indexing POA (worksheet item 13). See Section 23.3, “Indexing 
Documents,” on page 351 
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22.5 Viewing a New Library in Your GroupWise 
System 


After you create a new library, you can see it in ConsoleOne and GroupWise client users can see it in 
the GroupWise client. 


+ Section 22.5.1, “Seeing the New Library in ConsoleOne,” on page 318 
+ Section 22.5.2, “Seeing the New Library in the GroupWise Windows Client,” on page 319 


22.5.1 Seeing the New Library in ConsoleOne 


In the Console View in ConsoleOne, you can see the new Library object in the context of its 
eDirectory container object. 


Figure 22-3 Console View Showing the New Library Object 


Novell ConsoleOne Oe 


File Edit View Wizards Tools Help 


mejejejejeja] +282 48] 








8 go CORP_TREE «| Console View 

& Help Desk @ Provo2 

&-@R Administration & Secretaries @ Provo3 

4B Development & AccountReps @ Provo4 

QB Legal ® Engineers @ waltham 
-QÀ Marketing & Programmers @ Waitham2 

H- Provot & Salesmen Qa Administration 
i m ee & Testers Ga Development 
3 Provod @ Company Car1 Q Legal 

ja Q Sales @ Company Car 2 QA Marketing 
8 CÀ Support 3 Conference Room 2012 Ga Sales 

-Q Walthamt 9 Group Meeting Room QÀ Support 


#-@ Waltham2 @ Lunchroom @ Administration Library 


82, Novell @ Projector Ki Development Library 


a-f Security  Provo1 @ Marketing Library 
#-@ GroupWise System EIE >| 291tems À 
Iser: admin Docdey Novell tee: CORP. TREE 











In the Group Wise View, you can see the relationship between the new library and the post office it 
belongs to. 


To locate the library in the Group Wise view: 


1 Expand the Group Wise System object. 
2 Expandthe Domain object where the owning post office resides. 
3 Selectthe owning post office. 


4 Inthe drop-down list of objects, select Libraries. 
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Gg Novell ConsoleOne 
File Edit View Tools Help 
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-A security 
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22.5.2 Seeing the New Library in the GroupWise Windows 
Client 


Group Wise Windows client users can see that a new library has been created. They can set it as their 
default library if desired. 


In the Group Wise client: 


1 Click Tools > Options > Documents. 


Documents Setup 


Library Configuration | Integrations | General 


Library names: Properties.. 
Accounting Library | 
| Development Library (Default Set Default 


Research Library 

















The Library Configuration tab should include the new library. 


2 Select the new library, click Set as Default, then click OK to use the new library as the default 
location for storing documents and searching for documents. 


22.6 Managing Libraries 


As your GroupWise DMS system grows and evolves, you might need to perform the following 
activities: 

¢ Section 22.6.1, “Editing Library Properties,” on page 320 

¢ Section 22.6.2, “Managing Document Storage Areas,” on page 321 

+ Section 22.6.3, “Managing Library Access,” on page 324 

+ Section 22.6.4, “Adding and Training Librarians,” on page 326 
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+ Section 22.6.5, “Maintaining Library Databases,” on page 330 
¢ Section 22.6.6, “Moving a Library,” on page 330 
¢ Section 22.6.7, “Deleting a Library,” on page 330 


22.6.1 Editing Library Properties 


After creating a library, you can change some library properties. Other library properties cannot be 
changed. 


1 In ConsoleOne, browse to and right-click the Library object, then click Properties to display 
the library Identification page. 


Properties of Marketing Library 


General | NDS Rights + | Other | Rights to Files and Folders | 


Post Office: Prova3 Marketing 
Description: 








Start Version Number: h xl 


Maximum Archive Size: 0 = Bytes 


Display Name: [Marketing Library 





Distinguished Name: Marketing Library .GroupWise 





Page Options... | Cancel | 





2 Change editable fields as needed. For information about individual fields, click Help. 
3 Click GroupWise > Storage Areas to display the Storage Areas page. 


Properties of Development Library. 
GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders | 
Storage Areas 
Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 
IV Development Doc Storage Area 


T Store documents at post office 





Page Options... 
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All document storage areas associated with the library are listed, no matter where they are 
located. On this page, you can add, move, and delete document storage areas. See 
Section 22.6.2, “Managing Document Storage Areas,” on page 321. 


4 Click GroupWise > Rights to display the library Rights page. 


Properties of Development Library 
GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders | 
Rights 
Public Rights 
IV Add M view 
IV Change IV Set official version 
IV Delete PT Reset in-use flag 


Individual or Distribution List Rights 
adharmapalan Marketing Provo3 


stevens Sales Provo2 
mbarnard Development Provo 


T Manage (Librarian) 


F 
r 
IV Reset in-use flag 





Page Options... OK | Cancel | Apply | Help | 





Public library rights granted to all users are selected in the Public Rights box. The Individual 
and Distribution List Rights box shows any additional rights that have been granted to specific 
users. See Section 22.6.3, “Managing Library Access,” on page 324 and Section 22.6.4, 
“Adding and Training Librarians,” on page 326. 


5 Click OK to save changes to the library properties. 


22.6.2 Managing Document Storage Areas 


For a review, see Section 21.2, “Document Storage Areas,” on page 295 and Section 22.1.4, 
“Deciding Where to Store Documents,” on page 301. 


Typically, the initial document storage area for a library is set up when the library is created. 
Thereafter, you can create additional document storage areas as the library grows. You can move a 
document storage area to a location where more storage is available. You can delete a document 
storage area if'it is no longer used. 


+ “Adding a Document Storage Area” on page 321 
+ “Moving a Document Storage Area” on page 323 
+ “Deleting a Document Storage Area” on page 323 


Adding a Document Storage Area 


To help you plan where to create the new document storage area, see Section 22.1.4, “Deciding 
Where to Store Documents,” on page 301. 


To create a new document storage area for a library: 


1 In ConsoleOne, browse to and right-click the Library object, then click Properties. 
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2 Click GroupWise > Storage Areas to display the Storage Areas page. 


Properties of Development Library 


GroupWise + | General | NDS Rights + | Other | Rights to Files and Folders | 
Storage Areas 


Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 





IV Development Doc Storage Area 


I Store documents at post office 





Page Options... 








Existing document storage areas are listed. 


3 Click Add to create a new document storage area. 


Create Document Storage Area 


A storage area's path must be used by only one library and should never be modified unless the 
storage area is empty. 





Description: 


| 

UNC Path: J [=| 
| 
[ 








Apple Talk Zone: 





Linux Path: 





4. Provide a description for the document storage area. 
5 Specify the UNC path to the directory where you want to create the document storage area. 
If the directory does not exist, it will be created as the document storage area is set up. 


As an alternative, you can specify an AppleTalk zone to store documents on an Apple* 
computer, or you can specify a UNIX path to store documents on a UNIX server. On Linux, 
you can specify a Linux path. The POA that will service the library must have direct access to 
the location you specify. 


6 Click OK to create the new document storage area and add it to the list of storage areas for the 
library. 


If you have multiple document storage areas selected in the Storage Areas list, new and 
modified documents could be added to any one of them. 


7 Ifyou want to stop storing documents in the previous document storage area, deselect it in the 
Storage Areas list. 


8 Click OK to save the document storage area information. 
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Moving a Document Storage Area 


You might choose to move a document storage area if it is close to exceeding the available disk 
space at its current location and you do not want to create an additional document storage area. 


1 Stop the POA that services the library. 


2 Copy the document storage area directory and all of its contents to the desired location. 


3 Make sure that the POA has access to the new location so that it can read and write documents 
in the document storage area. 


4 In ConsoleOne, browse to and right-click the Library object, then click Properties. 
5 Click GroupWise > Storage Areas to display the Storage Areas page. 


Properties of Development Library 
GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders | 
Storage Areas 
Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 





IV Development Doc Storage Area 





I Store documents at post office 








Page Options... 





Existing document storage areas are listed. 


6 Select a document storage area, then click Edit. 


7 Provide the new location for the document storage area, then click OK twice to save the new 
document storage information. 


8 Restart the POA. 


Deleting a Document Storage Area 


When you delete a document storage area, any documents in the document storage area are moved 
to other valid document storage areas for the library. If you want to move documents to a specific 


location before deleting the document storage area, see Section 23.1.3, “Managing Groups of 
Documents,” on page 337. 


To delete a document storage area: 


1 In ConsoleOne, browse to and right-click the Library object that owns the document storage 
area, then click Properties. 


2 Click GroupWise > Storage Areas to display the Storage Areas page. 
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Properties of Development Library 
GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders | 
Storage Areas 
Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 





IV Development Doc Storage Area 





I Store documents at post office 





Page Options... | Cancel | 








3 Select a document storage area, then click Delete. 

4 Click OK to close the Storage Areas page 
If the above steps are not successful in deleting a document storage area, perhaps because one or 
more documents were in use during the deletion process, you can use the Analyze/Fix Library action 
of Mailbox/Library Maintenance, with the Remove Deleted Storage Areas and Move Documents 


First options selected, to finish cleaning up the deleted document storage area. For more 
information, see Chapter 28, “Maintaining Library Databases and Documents,” on page 391. 


22.6.3 Managing Library Access 


Access to libraries is controlled by the rights users have to the Library object. By default, when a 
new library is created, all of the following rights are granted: 


Table 22-4 Public Library Rights 


Public Right Description 

Add Allows users to add new documents to the library. 

Change Allows users to make changes to existing documents in the library. 

Delete Allows users to delete documents, regardless of who created them or has rights to 


the documents. However, to be able to delete a document, users must also have 


rights to locate and modify the document (View and Change rights), in addition to 
the Delete right. 


View By itself, this right allows searching, viewing, or copying documents, but does not 
permit editing them. Copies can be edited, because a copy is saved as a separate 


document. Therefore, editing a copy does not affect the original document or any of 
its versions. 
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Public Right Description 


Designate Official Allows any version of a document to be designated as the official version. The 
Version official version, which is not necessarily the most recently edited version, is the one 


located in searches. 


The official version is usually determined by the creator or author of the document. 
However, the official version can be designated by the last user to edit the 
document (if the user has this right). A user also needs the Change right to the 
document to be able to designate an official version. 


Reset In-Use Flag The In-Use flag protects against data loss by preventing multiple users from 


concurrently opening the same document. The purpose of the Reset In-Use Flag 
right is to allow a user or librarian to reset a document's status when the document 
is in use by someone else or when it is erroneously flagged as in use. 


In the GroupWise client the document properties Status field displays the current In- 
Use flag setting for a document. The Status field is automatically set to In Use when 
a document is opened and reset to Available when a document is closed. There can 
also be other values, such as Checked Out. A document cannot be checked out 
when its status is In Use. 


There are a variety of reasons for which you might want to restrict certain library rights, including: 


+ 


+ 


+ 


Your libraries are specialized by department and you want to restrict access to sensitive 
libraries, such as a payroll library. 


Your libraries are distributed across multiple post offices and you want to restrict the scope of 
user searches to only the libraries they should use, thereby speeding up searches. 


Your libraries are distributed across multiple servers and you want to minimize network traffic. 


You have some users who should have more rights than other users to certain libraries. 


To restrict public rights while granting individual rights: 


A OND = 


In ConsoleOne, browse to and right-click the Library object, then click Properties. 
Click GroupWise > Rights to display the Rights page. 

In the Public Rights box, deselect the rights that you want to remove from all users. 
Click Add, then browse to and select the users who need to have rights to the library. 


If the number is large, you might find it easier to create a distribution list for users who need 
rights. Then you can select one distribution list rather than multiple users. See Chapter 18, 
“Creating and Managing Distribution Lists,” on page 265 


In the Individual or Distribution List Rights box, select the users or distribution lists to grant 
rights to. 


Below the list, select the rights that you want to grant. 
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Properties of Development Library 


GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders | 
Rights 


Public Rights 


Vv Add IV View 


IV Change IV Set official version 
IV Delete [T Reset in-use flag 





Individual or Distribution List Rights 
adharmapalan Marketing Provo3 


stevens Sales Provo2 
mbarnard Development Provo 


T Manage (Librarian) 


F 
IV Reset in-use flag 





| cancel | apr | 





In the first example, only one user is granted the Reset In-Use Flag right. 


Properties of Development Library. 
GroupWise + | General | NDS Rights + | Other | Rights to Files and Folders | 
Rights 


Public Rights 


Add View 








[ Change [7 Set official version 


Tr I” Reset in-use flag 


Individual or Distribution List Rights 


Engineers Development Provo1 


T Manage (Librarian) 


M Add F View 
IM Change Set official version 
Delete IV Reset in-use flag 


Page Options... OK | Cancel | Apply | 








In the second example, only members of the Engineers group are granted any rights to the 
Development Library. 


7 Click OK to save the updated library rights information. 


22.6.4 Adding and Training Librarians 


When you first create a library, you might for convenience assign yourself as the initial librarian. As 
library activity increases you can add librarians, and if desired, remove yourself as a librarian. 


+ “Understanding the Role of the Librarian” on page 327 
+ “Setting Up a Librarian GroupWise Account (Optional)” on page 329 


+ “Assigning Librarians” on page 329 
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Understanding the Role of the Librarian 
Keep in mind the following when assigning librarians: 


¢ “Librarian Identity” on page 327 
¢ “Librarian Functions” on page 327 


+ “Librarian Rights” on page 328 


Librarian Identity 


Any Group Wise user with access to a library can be a librarian for the library. You can have multiple 
librarians for a single library. You can also assign a single user as a librarian for multiple libraries. 
Because being a librarian entails additional functions and rights in the library, you should choose 
responsible users as librarians. 


Librarian Functions 
A librarian can perform the following actions: 


+ Check out a document without a copy. 

+ Modify the properties of any document in the library. 

+ Copy documents to another library. 

+ Delete both documents and properties. 

+ Reassign document creators and authors to handle orphaned documents 

+ Reset a document’s status (change the In-Use flag). 

¢ View all activity log records of any document in the library. 

+ Restore document BLOBs from backup. 

+ Perform mass operations, such as moving, deleting, archiving, and changing properties. 


¢ Perform searches (but not full-text searches) on documents that are not available for searching 
by regular users. 


+ Use GroupWise third-party APIs to generate reports on all library documents. 


All operations available to a normal user are also available to a librarian, as long as the security 
requirement discussed under “Librarian Rights” on page 328 is not compromised. The intention is 
that librarians can modify their own documents and document properties. 


All actions taken by a librarian are written to a document’s activity log. 


Unless the librarian’s own Group Wise user ID is in the Author or Security fields, a librarian cannot 
perform the following functions: 

+ Open a document 

+ View a document 

+ Save a document 

+ Check out a document with a copy 


To help new librarians get started, you should explain these librarian functions to them. You can also 
refer new librarians to the “librarian users” topic in the GroupWise client help. 
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Librarian Rights 


In addition to the six public rights, libraries also have a Manage right. When you grant the Manage 
right to a GroupWise user, you designate that user as a librarian. The Manage right gives the 
librarian full access to the properties of every document in the library. However, the Manage right 
does not grant the librarian direct access to the content of any document. 


Because a librarian has full access to document properties, the librarian could add his or her own 
personal GroupWise user ID to the Author or Security field of a document, thus gaining access to 
the document’s content. However, a high-priority e-mail notification would automatically be sent to 
the original person listed in the Author field informing him or her of the action by the librarian. 
Therefore, document privacy is maintained. 


The following table lists the various librarian functions, and whether an e-mail notification is sent if 
the function is performed. 


Table 22-5 Librarian Functions 


Librarian Function Notification? 

Modify the Author or Security fields High-priority e-mail to the author 
Copy a document High-priority e-mail to the author 
Delete a document High-priority e-mail to the author 
Replace a document with a copy from backup High-priority e-mail to the author 


Perform a mass document operation (copy, move, delete, or archive Mass operation e-mails 
documents; modify document properties) 


Reset a documents status (In-Use flag) None 
Check out a document without a copy None 
View the activity log of any document None 


Generate reports on any documents (using GroupWise third-party None 
APIS) 


Mass operation notifications do not specify what action was taken by the librarian; they only specify 
that an action was taken. 


The following table lists the document property fields that the librarian has rights to modify, and 
whether an e-mail notification is sent if the field is modified. 


Property Field Notification? 
Subject No 
Author Yes 


Security (sharing list) Yes 
Document Type No 


Version Description No 
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Property Field Notification? 


Custom Fields No 
File Extension No 
Official Version No 
Current Version No 


If you remove the Manage right from a user, you must manually deselect any rights that the user 
gained from being made a librarian that the user did not previously have. 


Setting Up a Librarian GroupWise Account (Optional) 


The Manage right is always in effect for those users who have been assigned as librarians. However, 
there might be times librarians want to act on their own accord without the possibility of seeing or 
modifying documents that belong to other users. 


To allow users assigned as librarians to act as normal GroupWise users, you could create a single 
librarian account for a library and have users who need to perform librarian tasks log in using the 
librarian Group Wise account and password instead of their own. 


If users assigned as librarians log in under a librarian GroupWise account, they do not have access to 
any documents they would normally have access to under their own accounts, except by altering the 
Author or Security fields. 


Assigning Librarians 
To add librarians to a library: 


1 In ConsoleOne, browse to and right-click the Library object, then click Properties. 
2 Click GroupWise > Rights to display the Rights page. 


3 Click Add, browse to and select the users that you want to assign as librarians, then click OK to 
return to the Rights page. 


Properties of Development Library 
GroupWise v | General | NDS Rights v | Other | Rights to Files and Folders | 
Rights 
Public Rights 


M Add Vv View 


[V Change [V Set official version 








V Delete [V Reset in-use flag 


Individual or Distribution List Rights 





aramirez Sales Provo2 
fthompson Marketing. Provo3 
Hpangilinan. Development Provot 


[V Manage (Librarian) 








Page Options... Cancel Apply 
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4 Inthe Individual or Distribution List Rights box, select the librarian users, select Manage 
(Librarian), then click OK to save the library rights changes. 


22.6.5 Maintaining Library Databases 


The Mailbox/Library Maintenance feature of ConsoleOne offers database maintenance features to 
keep your library and document databases in good condition. See Chapter 28, “Maintaining Library 
Databases and Documents,” on page 391. It also helps you manage the disk space occupied by 
library and document databases and document storage areas. See Section 30.4, “Reducing the Size 
of Libraries and Document Storage Areas,” on page 404. 


When document creators or authors are removed from your GroupWise system, orphaned 
documents might be left behind. See Section 23.4.3, “Handling Orphaned Documents,” on 
page 362. 


To supplement your library maintenance procedures, you should back up your libraries and 


documents regularly. See Section 31.3, “Backing Up a Library and Its Documents,” on page 408. 


22.6.6 Moving a Library 


You cannot move a Library object from one location to another in the eDirectory tree. To accomplish 
the equivalent, you would need to create a new library in the desired location, use a mass move 
operation in the GroupWise client to move the library’s documents from the old library into the new 
library, and then delete the old library. 


As an alternative to moving the library, you can move just its document storage areas. See “Moving 
a Document Storage Area” on page 323. 


22.6.7 Deleting a Library 


You should not delete a library until you make sure that all documents still in the library are no 
longer needed. 


1 In ConsoleOne, browse to and right-click the Post Office object that owns the library to delete, 
then click Properties. 


2 Click GroupWise > Libraries to display the Libraries page. 
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Properties of Development 


DS Rights v | Other | Rights to Files and Folders | 





Libraries: 








(Development Library .GroupWise 








Page Options... | Cancel 





3 Selectthe library to delete, then click Delete. 
All document storages areas and documents are deleted along with the library. 


4 Click OK to close the Libraries page and complete the deletion of the library. 


22.7 Library Worksheets 


+ Section 22.7.1, “Basic Library Worksheet,” on page 331 
+ Section 22.7.2, “Full-Service Library Worksheet,” on page 332 


22.7.1 Basic Library Worksheet 


For instructions on how to use this worksheet, see Section 22.1, “Planning a Basic Library,” on 
page 299. 


Item Explanation 


1) eDirectory Container: Specify the eDirectory container where you will create the Library object. This 
could be the same container as the post office that the library is assigned to. 
The Library object cannot later be moved to a different location. 


For more information, see Section 22.1.2, “Determining the Context for the 
Library Object,” on page 300. 


2) Library Name: Specify a name for the new library. Choose the name carefully. After the 
library is created, it cannot be renamed. 


For more information, see Section 22.1.3, “Choosing the Library Name,” on 
page 300. 


3) Post Office: Indicate which post office the library will belong to. A library cannot later be 
assigned to a different post office. 


For more information, see Section 22.1.1, “Selecting the Post Office That the 
Library Will Belong To,” on page 300. 
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Item 


4) Store Documents at 
the Post Office? 


+ No 


+ Yes 


5) Document Storage 
Area Description: 


6) Document Storage 


Area Path: 


7) Library Description: 


8) Display Name: 


Explanation 


Mark No unless you are absolutely certain you will never need to move the 
documents stored at the post office 


For more information, see Section 22.1.4, “Deciding Where to Store 
Documents,” on page 301. 


Provide a brief description for the document storage area, including such 
information as to which post office it belongs, its current capacity in 
megabytes, and the types of documents that might be stored in it. 


For more information, see Section 22.1.4, “Deciding Where to Store 
Documents,” on page 301. 


If you are not storing documents at the post office, specify the document 
storage area for the library. 


For more information, see Section 22.1.4, “Deciding Where to Store 
Documents,” on page 301. 


Provide a description for the library to help you identify its function in the 
system. 


For more information, see Section 22.1.3, “Choosing the Library Name,” on 
page 300. 


Specify the library name you want users to see in the GroupWise client, if it is 
different from the Library object name. 


For more information, see Section 22.1.3, “Choosing the Library Name,” on 
page 300. 


22.7.2 Full-Service Library Worksheet 


For instructions on how to use this worksheet, see Section 22.3, “Planning Full-Service Libraries,’ 


on page 303. 


Item 


1) eDirectory Container: 


2) Library Name: 


5 


Explanation 


Specify the name of the eDirectory container where you will 
create the Library object. This could be the same container as for 
the post office that owns the library. The Llbrary object cannot 
later be moved to a different context. 


For more information, see Section 22.3.3, “Determining the 
Contexts for Library Objects,” on page 308. 


Specify a name for the new library. Choose the name carefully. 
After the library is created, it cannot be renamed. 


For more information, see Section 22.3.4, “Choosing Library 
Names,” on page 308. 
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Item 


3) Post Office: 


4) Document Usage Estimate: 


a) Number of DMS users: 
b) Average number of 
documents per user: 
c) Average document 
size (bytes): 
d) Average number of 
versions per document: 
e) Total: 
(multiply a times b times 
c times d) 


5) Document Storage Area 
Description: 


6) Document Storage Area Path: 


7) Library Description: 


8) Start Version Number: 


. 0 


+ 1 


9) Maximum Archive Size: 


Explanation 


Specify the post office that the library will belong to. A library 
cannot later be assigned to a different library. 


If you will using a centralized library configuration and you have 
not yet created the DMS post office, follow the instructions in 
Chapter 11, “Creating a New Post Office,” on page 155 before 
you begin creating libraries. 


For more information, see Section 22.3.1, “Deciding Which 
Libraries to Create,” on page 304. 


Calculate how much disk space the new library will need in order 
to help you select a location where you will store documents. 


For more information, see Section 22.3.5, “Deciding Where to 
Store Documents,” on page 309. 


Provide a brief description for the document storage area, 
including such information as which library it belongs to, its 
current capacity in megabytes, and the types of documents 
stored in it. 


For more information, see Section 22.3.5, “Deciding Where to 
Store Documents,” on page 309. 


Specify the UNC path to the location where you want to create 
the initial document storage area for the post office. 


For more information, see Section 22.3.5, “Deciding Where to 
Store Documents,” on page 309. 


Provide a brief description for the new library, including what post 
office it belongs to, what types of documents will be stored in it, 
and so on. 


For more information, see Section 22.3.1, “Deciding Which 
Libraries to Create,” on page 304. 


Select 0 or 1. 


For more information, see Section 22.3.6, “Setting Document 
Version Options,” on page 311. 


Specify the maximum number of bytes to allow per archive 
directory. Use a size that conforms with your backup strategy 
and backup medium requirements. 


For more information, see Section 22.3.7, “Figuring Maximum 
Archive Directory Size,” on page 312. 
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Item 


10) Display Name: 


11) Restrict Public Library Rights: 


+ 


+ 


+ 


+ 


+ 


+ 


Add 

Change 

Delete 

View 

Designate Official Version 


Reset In-Use Flag 


12) Librarians: 


13) Dedicated POA for Indexing 


+ 


+ 


Yes 
No 


14) Set Up Integrations 


+ 


+ 


Yes 
No 
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Explanation 


Specify the library name you want users to see in the GroupWise 
client, if it is different from the Library object name. 


For more information, see Section 22.3.4, “Choosing Library 
Names,” on page 308. 


Cross out any public library rights you do not want all users to 
have. 


For more information, see Section 22.3.1, “Deciding Which 
Libraries to Create,” on page 304 or Section 22.3.6, “Setting 
Document Version Options,” on page 311. 


List any users you want to have full rights to all documents in the 
library. 


For more information, see Section 22.3.8, “Designating Initial 
Librarians,” on page 312. 


Mark whether or not you want to configure and run a separate 
POA dedicated to indexing documents. 


For more information, see Section 22.3.10, “Determining Your 
Indexing Needs,” on page 314. 


Mark whether or not you need to manually set up integrations. 


For more information, see Chapter 24, “Integrations,” on 
page 363. 


Creating and Managing 
Documents 


GroupWise® Document Management Services (DMS) lets Windows client users create documents 
with integrated applications, save them, then easily locate a specific document later without 
knowing the application, a specific document name, or the document’s physical location. Windows 
client users can create, share, locate, edit, view, and check out documents that are created under the 
management of GroupWise DMS. 

+ Section 23.1, “Adding Documents to Libraries,” on page 335 

¢ Section 23.2, “Organizing Documents,” on page 338 

+ Section 23.3, “Indexing Documents,” on page 351 


+ Section 23.4, “Managing Documents,” on page 360 





NOTE: Cross-Platform client users have only basic DMS capabilities, as described in “Working 
with Documents” in the GroupWise 7 Cross-Platform Client User Guide. 





23.1 Adding Documents to Libraries 


After you set up one or more libraries, users can add new documents to any library to which they 
have rights. They can also import existing documents into the GroupWise DMS system. 


+ Section 23.1.1, “Creating New Documents in the GroupWise Windows Client,” on page 335 


+ Section 23.1.2, “Importing Existing Documents into the GroupWise DMS System,” on 
page 336 


+ Section 23.1.3, “Managing Groups of Documents,” on page 337 


23.1.1 Creating New Documents in the GroupWise Windows 
Client 


1 Click File > New > Document. 


New Document 


( Select an application 
© Select a GroupWise template 


O Select a file 


Applications: 


Bitmap Image 

Microsoft Access Application 
OpenDocument Drawing 
OpenDocument Presentation 
OpenDocument Spreadsheet 
OpenDocument Text 


Wave Sound 


Library where document will be stored: 


Development Library (Default) 





2 Select the program you want to use to create the document, select the library where you want to 
store the document, then click OK. 
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3 Inthe New Document dialog box, type a brief description of the document. 


New Document 


Document subject: 




















Open document now OK Cancel Properties... 








4. To set document properties, click Properties. 


New Document 


— 
Document | Version | Sharing | Activity Log 
Library: Development Library 


Document number: 








Subject: 





Document type: Document 








Author: provol.development.mpalu 
Creator: 

Date created: 1/19/2007 10:09 AM 
Official version: 0 


Current version: 





Open document now 














5 Setthe document properties as needed, then click OK. 


The selected program starts so you can create a new document. 


For more detailed information about creating documents in the GroupWise client, see “Creating 
Documents” in “Creating and Working with Documents” in the GroupWise 7 Windows Client User 
Guide. You can also look up “documents” in the GroupWise client help. 


23.1.2 Importing Existing Documents into the GroupWise DMS 
System 


Some users might have existing documents that they want to manage by adding them to a 
Group Wise library. 


To import documents using the GroupWise Windows client: 


1 Click File > Import Documents. 
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Select Files to Import 


Files to import: 





Add Individual Files... ] [ Add Entire Directory... 














V] Quick import (Recommended) 


Copies documents to your default library and creates document 
references in the folder you specify. 








Cancel 


2 Click Add Individual Documents, browse to and select the documents to add, then click OK. 


or 


Click Add Entire Directory, browse to and select a directory containing documents to import, 
then click OK. 


For additional instructions about creating documents in the GroupWise client, see “Importing 
Documents into a GroupWise Library” in “Creating and Working with Documents” in the 
GroupWise 7 Windows Client User Guide. You can also look up “import documents” in the 
GroupWise client help. 


23.1.3 Managing Groups of Documents 


As users add documents and your Group Wise DMS system grows, your librarians might need to 
assist users in managing large groups of documents. If you have not yet assigned librarians to your 
GroupWise libraries, see Section 22.6.4, “Adding and Training Librarians,” on page 326. 


To manage large groups of documents in the Group Wise Windows client: 


1 Click Tools > Mass Document Operations. 


Mass Document Operations 


Select the operation you want to perform. The operation will affect all versions of a 
document. 
Operation 
© Change properties © Change sharing 
O Move O Copy 
O Delete 


Selection method 


© Use Find/Advanced Find to select documents 


O Use Find by Example to select documents 


© Use documents listed in a file 
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2 Select the operation to perform on the group of documents: 
+ Change properties 
+ Move 
+ Delete 
+ Change sharing 
* Copy 

3 Select the method for identifying the group of documents to perform the operation on: 
+ Use Find/Advanced Find to select documents 
+ Use Find by Example to select documents 
¢ Use currently selected documents 
+ Use documents listed in a file. 

For additional instructions about creating documents in the Group Wise client, see “Managing 


Groups of Documents” in “Creating and Working with Documents” in the GroupWise 7 Windows 
Client User Guide. You can also look up “mass document operations” in the GroupWise client help. 


23.2 Organizing Documents 


Because documents are stored in a database structure, information can be associated with each 
document that is not part of the document itself. This additional information is stored as document 
properties. 

+ Section 23.2.1, “Customizing Document Properties,” on page 338 


+ Section 23.2.2, “Defining Related Document Properties,” on page 347 





NOTE: Document properties cannot be set in ConsoleOne® on Linux. However, you can use 
ConsoleOne on Windows to set document properties for libraries that are located on Linux. 


23.2.1 Customizing Document Properties 


For a summary of document properties, see Section 21.3.1, “Document Properties,” on page 295. To 
review, the following document properties are provided by default: 


Author 

Creator 

Current Version Number 
Date Created 

Document Number 
Document Type 

Official Version Number 
Subject 


The default document property types cannot be deleted. Except for the Document Type property, 
they cannot be modified. However, you can add custom document types as needed. 


+ “Customizing the Default Document Type Property” on page 339 


+ “Planning Custom Document Properties” on page 340 
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+ “Adding Custom Document Properties” on page 343 
+ “Planning Custom Lookup Tables for Custom Document Properties” on page 344 
+ “Adding Custom Lookup Tables” on page 346 


Customizing the Default Document Type Property 


The Document Type property is the only default document property that you can modify. For a 
review of document types, see Section 21.3.2, “Document Types,” on page 296. You must have at 
least one document type, because it is a required document property field. 


To modify the Document Type property for all libraries in a post office: 
1 In ConsoleOne on Windows, browse to and select the post office that has libraries where you 
want to modify the Document Type property. 
2 Click Tools > GroupWise Utilities > Document Properties Maintenance. 


«a Document Properties Maintenance 
File Edit Help 


H +a- 


P Provo2.Sales 




















J- -Eh Lookup Tables 








If you expand Libraries and select each library, you see that each library has the Document 
Type property. It is required. 


3 Expand Lookup Tables, then select Document Type. 


«« Document Properties Maintenance 
File Edit Help 


P Provo2. Sales Maximum Versions Expiration Action | 
A- -Y Libraries Archive 
' kd -F Sales Library Archive 
=- -§ Lookup Tables | Archive 
---(m] ed Archive 
Archive 
Archive 
Archive 
Archive 
Delete 
Archive 
Archive 
Archive 
Archive 
Archive 
Archive 
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The lookup table defines the list of choices offered to users when they select a document type, 
no matter which library in the post office they are creating the document in. 


4 To add a new document type, click Edit > Add. In the Value field, type the new document type, 
click Add, then click Close. 


Lookup Entry: Document Type 





Value: | 


Expiration Action 
Maximum Versions: ( Archive 





Document Life (days): © Retain 
Delete 


Help | 








5 To edit an existing document type, click Edit > Edit. Change the settings as needed, click 
Update, then click Close. 


Lookup Entry: Document Type 


Value: Agenda] Update | 


Expiration Action 





Maximum Versions: ( Archive 





Document Life (days): © Retain 
C Delete 


Cancel | Help | 








For more details about the fields associated with the Document Type property, see 
Section 21.3.2, “Document Types,” on page 296. 


6 To delete a document type, select the document type, click Edit, then click Delete. 


Planning Custom Document Properties 


When you need to add custom document properties, print the “Custom Document Properties 
Worksheet” on page 342. One copy ofthe worksheet accommodates three new document properties. 


The following table describes the fields and values associated with custom document properties: 
Table 23-1 Document Properties 


Document Property 


Field Field Values 

Property Field: The document property field is the label that GroupWise client users see in the 
document Properties dialog box. 
When you create a new document property, you can provide a description as 
well. However, the description displays only in ConsoleOne, not in the GroupWise 
client. 

Read-Only? Yes: The document property field displays information, but it is not accessible to 
users. 


No: Users can type in the document property field. 
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Document Property 
Field 


Required? 


Hidden? 


Lookup Table: 


Related Property: 


Data Type: 


Maximum Length: 


Case: 


Minimum Value: 
Maximum Value: 


Parent: 


Field Values 


Yes: The user must supply a value for the document property. 
No: The user can leave the document property field blank. 


Yes: The document property field is not displayed in the GroupWise client 
interface. 


No: The document property field is displayed in the GroupWise client interface. 


A lookup table is required for a custom document property only when you want to 
offer the user a list of choices, rather than having the user type in the setting. The 
lookup table guarantees that the user provides a valid setting. For more 
information, see “Planning Custom Lookup Tables for Custom Document 
Properties” on page 344. 


A related property is required for a custom document property only when you 
create a lookup table that references a related lookup table. For more information, 
see Section 23.2.2, “Defining Related Document Properties,” on page 347. 


Binary: An Object API reads and writes this information 
Date: Displayed in the Windows format selected by the user 
Number: Numerical only 

String: Alphanumeric 


For the String data type, you can specify the maximum number of characters 
allowed in the string. The longest possible string is 65535 alphanumeric 
characters. 


For the String data type, you can control how the user’s input is handled: 
Upper: Forces entries to display in uppercase 

Lower: Forces entries to display in lowercase 

Mixed: Allows alphabetical characters to be displayed as typed 

For the Number data type, you can specify a minimum acceptable value. 
For the Number data type, you can specify a maximum acceptable value. 


If the new document property is related to an existing document property in a 
parent-child relationship, you must specify the parent document property. For 
more information, see Section 23.2.2, “Defining Related Document Properties,” 
on page 347. 


Use copies of the “Custom Document Properties Worksheet” on page 342 to plan the custom 
document properties you want to add to libraries. 


If you need to create one or more lookup tables for your custom document properties, follow the 
instructions in “Planning Custom Lookup Tables for Custom Document Properties” on page 344 and 
“Adding Custom Lookup Tables” on page 346. Lookup tables used by new document properties 
should exist before you create custom document properties. 


Then continue with “Adding Custom Document Properties” on page 343. 
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Custom Document Properties Worksheet 


For instructions on how to use this worksheet, see “Planning Custom Document Properties” on 
page 340. 


Custom Document Custom Document Custom Document 


hem Property Property Property 


1) Post Office: 


2) Libraries: 


3) Property Label: 


4) Description: 


5) Read-Only? 
+ Yes 
* No 

6) Required? 
+ Yes 
* No 

7) Hidden? 
+ Yes 
* No 


8) Lookup Table: 


9) Data Type: 

+ Binary 

+ Date 

+ Number 

+ String 
10) Maximum Length: 
11) Case: 


+ Mixed 
+ Upper 


+ Lower 
12) Minimum Value: 


13) Maximum Value: 
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Custom Document Custom Document Custom Document 


Item Property Property Property 


14) Parent: 


Adding Custom Document Properties 


After you have determined what new document properties will meet the needs of your DMS system, 
as described in “Planning Custom Document Properties” on page 340, and if necessary you have 
created lookup tables for your new document properties, as described in “Planning Custom Lookup 
Tables for Custom Document Properties” on page 344 and “Adding Custom Lookup Tables” on 
page 346, you are ready to add new custom document properties. 


To add new custom document properties: 


1 In ConsoleOne on Windows, browse to and select the Post Office object that owns the library 
for which you are creating custom document properties (worksheet item 1). 


2 Click Tools > GroupWise Utilities > Document Properties Maintenance. 


«a Document Properties Maintenance 
File Edit Help 


H +2- 
Tp Provo2. 123 


H- p Lookup Tables 





3 Expand Libraries, then select the library for which you are creating custom document 
properties (worksheet item 2). 


«« Document Properties Maintenance 


Data Type Lookup Table Required Read-only Hidden Max Lengl Text Case 
String Yes No No 256 Mixed 
4 Sting No Yes No 256 Mixed 
E CA Lookup Tables Number No Yes No À - 





Date No Yes No 


Number No Yes No - = 
String Document Type Yes No No 65535 Mixed 
Number No Yes No E 2 
String No No No 65535 Mixed 








4 Click Edit > Add to display the Document Property Definition dialog box. 
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Document Property Definition 





Property Label: 





Description: 
[l Read-only 
Required 
[ Hidden 





Lookup Table: 





Related Property: | (none) 





Data Type: String 





Maximum Length: [65535 














Case: Mixed 





Fields vary according to data type. 
5 Fill in the fields (worksheet items 3 through 14). 
6 Click OK to create the new custom document property. 


In the Document Properties Maintenance window, the new document property is listed in 
alphabetical order. In the GroupWise client, custom document properties are listed after default 
document properties, in the order in which they are added to the library. 


7 Repeat Step 4 through Step 6 for each new custom document property. 


When users next create documents in the library, the new custom document properties will be 
available to them. 


Planning Custom Lookup Tables for Custom Document Properties 


A lookup table is required for a custom document property only when you want to offer the user a 
list of choices, rather than having the user type in the setting. The lookup table guarantees that the 
user provides a valid setting. 


Lookup tables are defined for the post office, so that multiple libraries in the post office can 
reference the same lookup tables. 


When you need to provide lookup tables for custom document properties, print the “Custom Lookup 
Tables Worksheet” on page 345. One copy of the worksheet accommodates three new lookup tables. 


The following table describes the fields and values associated with lookup tables: 


344 GroupWise 7 Administration Guide 


Table 23-2 Lookup Table Values 


Look Up Table Field 


Lookup Table Name: 


Related Table: 


Data Type: 


Maximum Length: 


Case: 


Minimum Value: 
Maximum Value: 


Lookup Table Entries: 


Field Values 


The lookup table name identifies the lookup table when you are assigning it to a 
property field. 


If the lookup table pertains to only one document property, you can name the 
lookup table the same as the document property. For example, the default 
property Document Type uses a lookup table named Document Type. 


However, lookup tables can be used by multiple document properties. For 
example, you could have a lookup table named Project used by document 
properties named Primary Project and Secondary Project. 


When you create a new lookup table, you can provide a description as well. If the 
lookup table name does not match a document property, you could indicate what 
document properties use the lookup table. 


A related table is required for a lookup table only when you want to define related 
properties. For more information, see Section 23.2.2, “Defining Related 
Document Properties,” on page 347. 


Binary: An Object API reads and writes this information 
Date: Displayed in the Windows format selected by the user 
Number: Numerical only 

String: Alphanumeric 


For the String data type, you can specify the maximum number of characters 
allowed in the string. The longest possible string is 65535 alphanumeric 
characters. 


For the String data type, you can control how the user’s input is handled: 
Upper: Forces entries to display in uppercase 

Lower: Forces entries to display in lowercase 

Mixed: Allows alphabetical characters to be displayed as typed 

For the Number data type, you can specify a minimum acceptable value. 
For the Number data type, you can specify a maximum acceptable value. 


The lookup table entries are the settings that users will choose from when they 
set the custom document property. 


Use copies of the “Custom Lookup Tables Worksheet” on page 345 to plan the lookup tables you 
need in order to provide values for new custom document properties. If you need to use related 
properties, follow the instructions in Section 23.2.2, “Defining Related Document Properties,” on 
page 347. Then continue with “Adding Custom Lookup Tables” on page 346. 


Custom Lookup Tables Worksheet 


For instructions on how to use this worksheet, see “Planning Custom Lookup Tables for Custom 
Document Properties” on page 344. 
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Custom 


hm Lookup Table 


1) Post Office: 


2) Property Label: 


3) Lookup Table Name: 


4) Description: 


5) Related Table: 
6) Data Type: 

+ Binary 

+ Date 


+ Number 


+ String 
7) Maximum Length: 
8) Case: 


+ Mixed 
+ Upper 


+ Lower 
9) Minimum Value: 
10) Maximum Value: 


11) Lookup Table Entries: 


Adding Custom Lookup Tables 


Custom 
Lookup Table 


Custom 
Lookup Table 


After you have determined what new lookup tables and lookup table entries you need to 


accommodate your new custom document properties, as described in “Planning Custom Lookup 
Tables for Custom Document Properties” on page 344, you are ready to add new lookup tables. 


1 In ConsoleOne on Windows, browse to and select the Post Office object that owns the libraries 


for which you are creating lookup tables (worksheet item 1). 


2 Click Tools > GroupWise Utilities > Document Properties Maintenance. 
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«a Document Properties Maintenance 
File Edit Help 


£ g 
"7 Provo2.Sales 
| 4 


- -iĝ Lookup Tables 























3 Select Lookup Tables, then click Edit > Add to display the Lookup Table Definition dialog box. 


Lookup Table Definition 





Table Name: [E 





Description: 





Related Table: [none] 





Data Type: [Sting i 





Maximum Length: [65535 


Case: Mixed zi 








Fields vary depending on data type. 
4 Fill in the fields (worksheet items 3 through 10). 
5 Click OK to create the new lookup table. 
6 Select the new lookup table, then click Edit > Add to display the Lookup Entry dialog box. 


Lookup Entry 


pa 


Close Help 





7 Inthe Value field, type one of the document property settings you want to offer to users 
(worksheet item 11), then click Add. 


8 Repeat Step 7 for all the lookup table entries listed on your worksheet for this lookup table, 
then click Close. 


9 Click OK to create the custom lookup table. 


23.2.2 Defining Related Document Properties 
When document properties are related, your choice for the first property determines the settings you 


are offered for the second property. The user’s selection in the first field determines what choices 
were offered in the second field. 
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Related document properties are set up by creating related lookup tables. Complete the following 
tasks to set up related document properties: 


+ “Planning Related Document Properties” on page 348 
+ “Creating Related Lookup Tables” on page 350 
+ “Setting Up Related Document Properties” on page 351 


Planning Related Document Properties 


Related document properties use a parent-child relationship. A parent property can have multiple 
child properties, but a child property can belong to only one parent. The relationship can include 
only two levels. A parent property cannot function as a child and a child property cannot function as 
a parent. The default document properties cannot participate as related properties. 


In the Development Library example above, the Product document property would be the parent 
property and the Component document property would be the child property. If the Development 
Library belonged to Novell®, products would include Group Wise, NetWare®, ZENworks®, and so 
on. When users selected GroupWise as the product, listed components could include the Group Wise 
client, the agents, GroupWise system administration, and so on. Or you could let users type in 
whatever components they wanted. 


When you need to set up related document properties, print the “Related Document Properties 
Worksheet” on page 349. One copy of the worksheet accommodates one pair of related property 
fields, one parent lookup table, and one child lookup table (optional). 


The following table describes the document properties and lookup tables that are required in order to 
set up related document properties: 


Table 23-3 Document Properties and Lookup Tables 


Properties and Tables Description 


Parent Document Property The parent document property is the user's first selection. In the 
Development Library example above, the parent document property is 
Product. 


Child Document Property The child document property is the user’s second selection, based on the 
first selection. In the Development Library example above, the child 
document property is Component. 


Parent Lookup Table The entries in the parent lookup table provide the choices offered to the 
user in the parent document property field. In the Development Library 
example above, the user could select from GroupWise, NetWare, and 
ZENworks in the Product field. 


Child Lookup Table The entries in the child lookup table provide the choices offered to the user 
after a choice from the parent lookup table has been selected. In the 
Development Library example above, if the user selected GroupWise in 
the Product field, the child lookup table would provide choices such as 
Agents, Client, and Admin in the Component field. 


The child lookup table is not required if you want to allow the user to type in 
anything they want in the child document property field. 
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Use copies of the “Related Document Properties Worksheet” on page 349 to plan the related 
document properties you want to use. One copy of the worksheet accommodates one pair of related 
properties. Continuing with the Development Library example, a filled-in worksheet might look like 
this: 


Table 23-4 Sample Document Properties Worksheet 





Item Setting Item Setting 
1) Parent Property Name: 4) Child Property Name: 
Document Property Product Document Property Component 
2) Parent Table Name: 5) Child Table Name: 
Lookup Table Product Lookup Table Component 
3) Parent (required) 6) Child (optional) 
Lookup Entries Lookup Entries 
Parent Entry: Child Entries: 
GroupWise Admin 
Agents 
Client 
Parent Entry: Child Entries: 
NetWare Client 
eDirectory 
Servers 
Parent Entry: Child Entries: 
ZENworks Desktops 
Servers 


When you have finished planning related properties and their associated lookup tables, you should 
print and fill in a worksheet for each for each new related property, as described in “Planning 
Custom Document Properties” on page 340, and for each new lookup table, as described in 
“Planning Custom Lookup Tables for Custom Document Properties” on page 344. 


Then you are ready to continue with “Creating Related Lookup Tables” on page 350. 
Related Document Properties Worksheet 


For instructions on how to use this worksheet, see “Planning Related Document Properties” on 
page 348. 


Item Setting Item Setting 
1) Parent Name: 4) Child Name: 
Document Property Document Property 

2) Parent Name: 5) Child Name: 
Lookup Table Lookup Table 

3) Parent (required) 6) Child (optional) 


Lookup Entries Lookup Entries 


Creating and Managing Documents 


349 


Item Setting Item 


Entry: 


Entry: 


Entry: 


Creating Related Lookup Tables 


If you are supplying the choices for both related fields, you need both a parent lookup table and a 
child lookup table. If you are going to have users type information into the child property field, then 
you only need to create the parent lookup table. You should create lookup tables before creating the 


document properties that use them. 


+ “Creating the Parent Lookup Table” on page 350 
+ “Creating the Child Lookup Table (Optional)” on page 350 


Creating the Parent Lookup Table 


1 Create a new lookup table, as described in Step | through Step 5 in “Adding Custom Lookup 
Tables” on page 346. Use worksheet item 2 in the Table Name field. Leave the Related Table 


field set to (none). 


2 Add entries to the new lookup table, as described in Step 6 through Step 8 in “Adding Custom 
Lookup Tables” on page 346. Use the entries listed under worksheet item 3 in the Value field. 


Setting 


Entries: 


Entries: 


Entries: 


3 Continue with “Creating the Child Lookup Table (Optional)” on page 350. 


or 


If you are going to have users type information into the child property field, rather than 
selecting from a predefined list, skip to “Setting Up Related Document Properties” on page 351 


Creating the Child Lookup Table (Optional) 


1 Create a new lookup table, as described in Step 1 through Step 5 in “Adding Custom Lookup 
Tables” on page 346. Use worksheet item 5 in the Table Name field. Use worksheet item 2 in 
the Related Table field to link the child table to the parent table. 


2 Select the new lookup table, click Edit, then click Add to display the Lookup Entry dialog box. 
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Lookup Entry 


This table is a child in a relationship. Select a value from the parent 
table, then enter the child table's values. 


Parent Value: | ~ 





Value: [ 








3 Selecta Parent value. 


4 Inthe Value field, type one of the child lookup table entries for the selected parent value 
(worksheet item 6), then click Add. 


5 Repeat Step 4 for each entry listed under worksheet item 6. 
6 Repeat Step 3 through Step 5 for each parent value listed under worksheet item 3. 
7 Continue with “Setting Up Related Document Properties” on page 351. 


Setting Up Related Document Properties 


After you have created related lookup tables, you are ready to set up the related document properties 
that use them. A few document property fields are required settings in the context of related 
properties: 

+ Read-Only must be set to No. 

+ Hidden must be set to No. 

+ Required must be set the same on the child property as it is on the parent property. 


To set up related document properties: 


1 Create the parent document property as described in “Adding Custom Document Properties” 
on page 343. Use worksheet item | in the Property Label field. Use worksheet item 2 in the 
Lookup Table field. Leave the Related Property field set to (none). 


2 Create the child document property using the same procedure. Use worksheet item 4 in the 
Property Label field. Use worksheet item 5 in the Lookup Table field. The Related Property 
field should automatically display as worksheet item 1, showing that the child property is 
related to the parent property. 


23.3 Indexing Documents 


Documents stored in GroupWise libraries need to be indexed so users can locate documents using 
the Find feature in the GroupWise Windows client. Your organization might need dedicated 
indexing to minimize performance degradation and network congestion. You might also need 
dedicated indexing so users can have prompt access to newly created documents. 

+ Section 23.3.1, “Understanding DMS Indexing,” on page 352 

+ Section 23.3.2, “Determining Your Indexing Needs,” on page 358 


¢ Section 23.3.3, “Implementing Indexing,” on page 360 
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23.3.1 Understanding DMS Indexing 


Before determining if you will need dedicated indexing, you should have a basic understanding of 
how indexing works in GroupWise. 

+ “Index Storage” on page 352 

+ “Index Content” on page 352 

+ “Indexing Performed by the POA” on page 352 

+ “Indexing Cycle” on page 353 

+ “Bandwidth Considerations” on page 353 


+ “Indexer Configurations” on page 353 


Index Storage 


When documents are indexed, the information is stored in QuickFinder™ indexes, which are located 
in a library’s index subdirectory. A library’s QuickFinder index is partitioned into ten *.idx files. 
Additionally, temporary *.inc (incremental) files are created that contain each day’s new index 
information. The *.inc files are combined once per day into the *.idx files (usually at midnight). 


In a system with multiple libraries, each library has its own set of QuickFinder index files. 
Depending on how many libraries belong to a post office, and how many post offices with libraries 
are in your GroupWise system, there can be many sets of QuickFinder index files. 


Index Content 


Indexing can include a document’s full text (depending on its document type), and always includes 
the document’s property sheet information (subject, author, version descriptions, and so on). Both 
newly edited and newly created documents are indexed, which means indexing volume is 
determined by how many existing documents are edited as well as how many new documents are 
created. 


Newly-created documents must be indexed before users can search for them. In setting up your 
indexing strategy, you must know how quickly users will need access to newly-created documents. 


The standard search is limited to the QuickFinder indexes in the user’s default library. But users can 
choose to search for documents in other libraries to which they have access. 


Indexing Performed by the POA 


Indexing is among the many functions of the Post Office Agent (POA). To learn more about POA 
functions, see Section 35.5, “Role of the Post Office Agent,” on page 469. 


You can configure the POA for a post office to meet basic indexing needs. See Section 38.3.1, 
“Regulating Indexing,” on page 555. 


To support greater indexing needs, you can set up an additional POA that is dedicated to indexing. 
See Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556. 


Not all libraries need dedicated POAs for indexing documents because indexing needs vary widely: 


¢ Inasmall GroupWise system that has only one post office and one library, indexing can easily 
be done by the one POA. 
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¢ Ina post office with heavy DMS usage, one or more additional POAs can be dedicated to 
indexing the documents. 


+ Ina large system that has a DMS post office housing all libraries in the Group Wise system, 
indexing can be done by the DMS post office’s POAs. 


A library can have more than one POA dedicated to indexing its documents. Because the library’s 
QuickFinder index is partitioned into ten separate *.idx files, an organization that is extremely 
document-intensive can boost indexing performance by using up to ten POAs dedicated to indexing. 
These POAs do not conflict with each other in performing indexing because the *.idx and *.inc 
files are locked during the indexing process. 


You can temporarily use multiple indexing POAs for importing documents to speed up importing 
time. 


Indexing Cycle 


The frequency of indexing is determined by the POA QuickFinder Interval setting. The default is 
once every 24 hours at 8:00 p.m. This might be often enough in an organization where document 
usage is minimal, or where searching for newly-created documents is not mission-critical. 


You can specify the QuickFinder Interval setting in one-hour increments. For example, a setting of 1 
would allow users to find documents created as recently as an hour ago. Whether you should use a 
dedicated indexer at this frequency would depend on the volume (per hour) of documents that get 
queued for indexing. 


You can set the QuickFinder Interval to 0 (zero) for continuous indexing. This is recommended for 
organizations where document usage is intensive, or where users routinely need to find documents 
that have just been created. If document usage is intensive in your organization, you might need a 
separate indexer server dedicated to continuous indexing because the post office server’s 
performance could become unacceptably slow if continuous indexing is performed on it. 


Bandwidth Considerations 


A primary factor in network speed is bandwidth. This is the amount of data that can be passed 
through the network per second. If a network’s bandwidth is not sufficient for handling heavy traffic, 
intensive document indexing can degrade network performance. 


A number of elements affect network bandwidth, including cable types, transmission protocols, and 
hardware. Ethernet networks are susceptible to wide fluctuations in transmission speed during 
periods of heavy traffic. WANs can benefit from reduced network traffic. 


If you locate a post office in close proximity to its users, you have less traffic through routers, 
bridges, and other network hardware. Running Group Wise in client/server access mode also reduces 
network traffic. 


Group Wise users can add heavy messaging traffic to your existing network. DMS usage adds 
document indexing traffic as well. These factors can create much more network bandwidth usage 
than you have previously experienced. 


Indexer Configurations 


Following are five basic examples of how dedicated indexers can be configured. The examples do 
not cover all possibilities. You can combine elements from these configurations to customize 
indexing for your organization. 
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In all configuration examples, the post office can contain multiple libraries, although the Single 
Server with One POA configuration is best suited to only one library. In the other configuration 
examples, one or more POAs can be set up for indexing documents for all libraries in the post office. 


+ “Single Server with One POA” on page 354 

+ “Single Server with Multiple POAs” on page 355 

+ “Dedicated Indexer Server” on page 355 

+ “Dedicated Indexer Server on an Isolated Network Segment” on page 356 
+ “Dedicated DMS Post Office” on page 357 


Single Server with One POA 


One POA runs on the post office server and performs all POA functions for the post office and its 
libraries. This basic configuration is best suited for a small system, or a decentralized library 
configuration with small post offices that each have a library. For more information, see 
“Centralized vs. Decentralized Library Configurations” on page 304. 


Figure 23-1 Single Machine with One POA 


Post Office 


ka Library 
Ej 9 





Message User Library Document 
Database Database Database Database 


GroupWise Client GroupWise Client GroupWise Client GroupWise Client 


Workstation Workstation Workstation Workstation 
Advantages Disadvantages 
+ Default configuration; no additional ¢ All operations are performed on one server, which 
setup is required. can cause performance degradation if your 


* Troubleshooting is limited to a single organization does enough DMS operations. 


server. ¢ If you increase QuickFinder intervals to lessen the 
load on the POA, you lengthen the time users must 
wait to search for new files, or find modified 
information through new searching keywords. 
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Single Server with Multiple POAs 
It is possible to run more than one POA for the same post office on the same server. 


Figure 23-2 Single Machine with Multiple POAs 


Post Office 


ka Library 
= nd 
© 6 © 6 


Message User Library Document 





Database Database Database Database 


POA POA 


È È Production 


| | Network Segment 
& 


GroupWise Client GroupWise Client GroupWise Client GroupWise Client 
Workstation Workstation Workstation Workstation 


Table 23-5 Advantages and Disadvantages of a Single Server with Multiple POAs 


Advantages Disadvantages 


None. * Many processes running on one server can slow it down. 


+ A single point of failure can cause the server to shut 
down when a problem is encountered. 


There are no advantages to running multiple POAs on the same server. If you need more than one 
POA, run it on a separate server, as described in “Dedicated Indexer Server” on page 355 


Dedicated Indexer Server 


You can have the post office on one server and a POA dedicated to indexing DMS documents on 
another server. This configuration is useful for systems of any size with heavy DMS usage. 
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Figure 23-3 Dedicated Indexing Machine 
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GroupWise Client GroupWise Client GroupWise Client GroupWise Client 


Workstation Workstation Workstation Workstation 
Advantages Disadvantages 
+ A dedicated server for quicker DMS indexing. + Network traffic can increase significantly 
This is useful for organizations that are during periods of intense indexing. 


document-intensive. + Multiple server hardware is required. 


+ The messaging post office is not hampered by 
DMS indexing. 


Dedicated Indexer Server on an Isolated Network Segment 


You can have the post office on one server and a POA dedicated to indexing documents on another 
server that is on an isolated network segment. This configuration minimizes bandwidth congestion 
for the production network segment. 
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Figure 23-4 Post Office on One Machine and the Dedicated Indexing POA on Another Machine 
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Table 23-6 Advantages and Disadvantages of a Dedicated Indexer Server on an Isolated Network Segment 


Advantages Disadvantages 


+ Dedicated server for quicker DMS indexing. + Multiple server hardware is required. 
This is useful for organizations that are 


: i + A dedicated network segment is required 
document-intensive. 


(including second network interface card that is 
* The messaging post office is not hampered directly linked to the indexer server). 

by DMS indexing. * For multiple indexing servers, a dedicated hub 
+ The large amount of information that is might be needed. 

passed between the post office server and 

the indexing server does not congest the 

bandwidth of the production network 

segment. 


Dedicated DMS Post Office 


You can have one post office that is dedicated to messaging and another to DMS. This configuration 
is useful for post offices that have heavy DMS usage. For a review of this configuration, see 
“Centralized Libraries” on page 305. 
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Figure 23-5 Dedicated DMS Post Office 
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Table 23-7 Advantages and Disadvantages of a Dedicated DMS Post Office 


Advantages Disadvantages 


+ A dedicated POA for quicker DMS indexing. + High-end hardware is required for DMS server. 


This is useful for organizations that are + An additional post office and POA to be 
document-intensive. maintained 

+ The messaging post office is not hampered 
by DMS traffic and indexing. 


+ Logical separation of messaging and DMS 
databases. Processes such as backing up 
databases are easier. 


+ Client/server is required for searching and 
accessing documents. 


+ Remote access is required for users who 
cannot use client/server mode. This ensures 
that the slower store-and-forward process is 

+ This configuration is ideal for creating a used for remote searching and accessing of 
centralized library configuration. documents. 


23.3.2 Determining Your Indexing Needs 


The following table presents some indexing considerations and suggests an indexing configuration 
based on how the considerations pertain to your indexing needs: 


Single Server Dedicated Indexer Dedicatedlindexei Dedicated DMS 
` Server on an Isolated d 
with One POA Server Post Office 
Network Segment 


Consideration 


Does the post office own No Yes or No Yes or No Yes 
multiple libraries? 
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Single Server 


Consideration with One POA 


What is the expected Light 
indexing volume (per 
hour)? 


Is hardware available for No 
a dedicated indexer 
server? 


Could bandwidth No 
congestion be a 
problem? 


Dedicated Indexer 
Server 


Light or Moderate 


Yes 


Maybe 


Dedicated Indexer 
Server on an Isolated 
Network Segment 


Dedicated DMS 
Post Office 


Moderate or Heavy Heavy 


Yes Yes 


Maybe or Yes Yes 


Use the “Indexing Worksheet” on page 359 to estimate the indexing needs of the libraries in your 
GroupWise system. Each worksheet accommodates three libraries. 


Identify each library (worksheet items | and 2). Estimate the impact of each consideration in each 
library (worksheet items 3 through 6). Then compare your estimates for each library to the values in 
the table above to determine the indexing configuration for each library (worksheet item 7). 


Indexing Worksheet 


For instructions on how to use this worksheet, see Section 23.3.2, “Determining Your Indexing 


Needs,” on page 358. 


1) Library: 
2) Library's Post Office: 
3) Multiple Libraries per Post Office? 


+ Yes 
+ No 
4) Expected Indexing Volume (per hour): 
+ Light 
+ Moderate 


* Heavy 
5) Additional Server Available? 


+ Yes 
+ No 
6) Bandwidth Congestion Possible? 
+ Yes 
* Maybe 
+ No 


Library 


Library Library 
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Library Library Library 
7) Indexer Configuration: 
+ Single server with one POA 


+ Dedicated indexer server 


+ Dedicated indexer server 
on an insolated network 
segment 


+ Dedicated DMS post office 


23.3.3 Implementing Indexing 


For libraries where a single POA running on the post office server can provide adequate indexing 
support for the post office’s libraries, follow the instructions in Section 38.3.1, “Regulating 
Indexing,” on page 555 to implement indexing. 


For libraries where additional POAs running on separate servers are required to support the indexing 
needs of the post office’s libraries, follow the instructions in Section 38.3.2, “Configuring a 
Dedicated Indexing POA,” on page 556 to implement indexing. 


23.4 Managing Documents 


As more and more documents are added to your GroupWise libraries, you must manage the disk 
space occupied by libraries and respond to various changes in your GroupWise system. 


¢ Section 23.4.1, “Archiving and Deleting Documents,” on page 360 
+ Section 23.4.2, “Backing Up and Restoring Archived Documents,” on page 360 
¢ Section 23.4.3, “Handling Orphaned Documents,” on page 362 


See also Section 22.6.2, “Managing Document Storage Areas,” on page 321. 


23.4.1 Archiving and Deleting Documents 


The Document Type property determines what happens to documents whose document life in your 
Group Wise system has expired. For a review of the document types and document life, see 
Section 21.3.2, “Document Types,” on page 296. 


You can use the Mailbox/Library Maintenance feature in ConsoleOne to archive and delete 
documents on demand, as described in Section 30.4, “Reducing the Size of Libraries and Document 
Storage Areas,” on page 404. 


You can also configure the POA to archive and delete documents on a regular schedule, as described 
in Section 36.4.2, “Scheduling Disk Space Management,” on page 510. 


23.4.2 Backing Up and Restoring Archived Documents 


When documents are archived, they are physically moved to a directory in the post office, where 
disk space can be limited. You should move archived documents to your backup medium regularly. 


+ “Moving Archived Documents to Backup” on page 361 
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+ 


“Restoring Archived Documents” on page 361 


Moving Archived Documents to Backup 


When documents are archived, they are placed in automatically created archive directories. Each 
library has a set of archive directories. For example, gwdms (GroupWise Document Management 
Services) is one of the post office’s directories. The library directories exist under it, named 
1160001-ff. Under each library directory is an archive directory, under which are the 
sequentially-numbered archival directories, named arnnnnnn (where nnnnnn is an integer with 
leading zeros). Each arnnnnnn directory is an archive set. To view the gwdms directory, see “Post 
Office Directory” in GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 


To move archived documents to backup: 


1 Make sure you have a backup medium (such as tape or CD) operating with your system. 


Make sure you have already archived documents that have reached their expiration dates. 
Documents that have not been archived cannot be removed to a backup medium. 


Start the software for your backup medium. 
When the backup software asks for the location of your archive files, give the full path. 


Example: 
j:\post office\gwdms\lib0\archive\ar000001 


If users need the backed-up documents in the future, see “Restoring Archived Documents” on 
page 361. 


Restoring Archived Documents 


When a user tries to access a document that has been archived, one of two things happens: 


+ 


Ifthe document is inthe post office archive set, and has not yet been physically moved from the 
archive location, the document opens normally. The user does not realize it was archived. The 
document is unarchived from the archive set at that time; that is, it is moved back to the library 
document directory from which it was archived. It is also given a new archive date according to 
the document type. 


The user sees a message indicating the document cannot be opened. In this case, the archive set 
containing the document has been physically moved to a backup medium. Therefore, the 
document cannot be automatically unarchived. In this case, the user might contact you, asking 
you to locate or recover the document. You can restore either the document’s BLOB or the 
archive set that contains the BLOB. After the document is restored to its archive directory, the 
user will be able to open the document normally. 


To restore archived documents from a backup medium: 


a Fk O N = 


Obtain the Document Number for the document the user was trying to access. 

In the GroupWise Windows client, click Tools > Find. 

Specify the Document Number, then click OK. 

Right-click the document in the Find Results listing, then click Properties > Version. 
Note the archive directory in the path listed in the Current Location field. 


The subdirectory listed after the .\archive directory is the archive set containing the 
document, for example, \ar000001. 
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6 Ifyou have the ability to recover individual files from your backup medium, also note the 
BLOB filename listed in the Current Filename field. 


7 Determine where you backed up the archive set, then copy either the archive set or the 
individual BLOB file to the archive directory specified in the Current Location field that you 
noted earlier. 


8 You can now notify the user that the requested document is available. 


When you are sure the user has opened the document (causing it to be unarchived), you should 
delete any files remaining in that archive directory because you have already backed them up. 


23.4.3 Handling Orphaned Documents 


If you remove public rights for a library, some documents might become inaccessible. For example, 
if a user who has been denied access to the library is the only user who had access to certain 
documents, those documents become orphaned. No other user can access or search for those 
orphaned documents. This is because document security is controlled by the user listed in the 
Author and Creator fields in the document’s properties. In other words, if the author or creator no 
longer has access to a document, neither does anyone else. 


However, orphaned documents can be reassigned to another author so that someone can access them 
again. This can be done in one of two ways: 


+ In ConsoleOne, the Analyze/Fix Library action in Mailbox/Library Maintenance can reassign 
orphaned documents to a specified user. Then, the new user has access to all orphaned 
documents in that library. For more information, see Section 28.2, “Analyzing and Fixing 
Library and Document Information,” on page 392. 


¢ A librarian has the ability to alter the Author field of documents. Therefore, a librarian can 
replace the previous user’s GroupWise ID with his or her own ID. In doing so, the librarian 
becomes the new author of the document. This can also be done as a mass operation for 
multiple documents with varying user IDs in the Author field. For more information, see 
Section 22.6.4, “Adding and Training Librarians,” on page 326. 
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Integrations 


Document-producing applications can be integrated with Group Wise” Document Management 
Services (DMS) to allow GroupWise management control over files produced by the integrated 
applications. Integrations provide code specifically designed to allow function calls, such as Open or 
Save, to be redirected to the Group Wise Windows client. This allows Group Wise dialog boxes to be 
displayed instead of the application’s normal dialog boxes for the integrated functions. 





NOTE: The Cross-Platform client does not include integrations, which is why you cannot create 
and edit documents from the Cross-Platform client. 





GroupWise DMS includes standard integrations for the following applications: 


+ Corel* Presentations* 7.x through 10.x 

+ Corel Quattro Pro* 7.x and 8.x 

+ Corel WordPerfect 6.1 through 10.x 

+ Lotus* Word Pro* 96 and 97 

+ Microsoft Binder 97 

+ Microsoft Excel 95, 97, 2000, and 2002 

+ Microsoft PowerPoint* 97, 2000, and 2002 
+ Microsoft Word 95, 97, 2000, and 2002 


Other applications can be integrated manually using the gwappint.inf file. 


+ Section 24.1, “Setting Up Integrations during Windows Client Installation,” on page 363 
+ Section 24.2, “Setting Up Integrations Using the gwappint.inf File,” on page 364 
+ Section 24.3, “Controlling Integrations in the GroupWise Windows Client,” on page 369 


24.1 Setting Up Integrations during Windows 
Client Installation 


The GroupWise Windows client Setup program can offer users the opportunity to integrate their 
document-producing applications during client installation. 
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Figure 24-1 Software Integrations Wizard 


ie GroupWise - Custom Setup 


Custom Setup 


Select the program features you want installed. 


Click on an icon in the list below to change how a Feature is installed, 


Feature Description 
= 7] Groupwise i 
€ | Languages Choose applications for F 
= integration with GroupWise 
E Software Integrations Document Management to save 
Microsoft Excel and retrieve files from within 
Microsoft Powerpoint GroupWise, 
Microsoft Word This feature requires OKB on 
your hard drive, It has 3 of 3 
subfeatures selected. The 
subfeatures require OKB on your 
hard drive. 





C:\Novell\Group Wise}, 





< Back Next > Cancel 








This dialog box lists the applications that can be integrated with GroupWise that are currently 
installed on users’ workstations. Therefore, it is important to make sure that the applications to 
integrate are installed before the GroupWise client is installed. However, it does not matter whether 
Group Wise and the applications are installed to run from the network or from the users’ 
workstations. The integrations work with any combination of installation choices. 


After selecting applications to integrate during Group Wise client integration, users can manage their 
integrations in the GroupWise client, as described in “Integrating GroupWise with Your 
Applications” in “Creating and Working with Documents” in the GroupWise 7 Windows Client User 
Guide. 


If users need to install and integrate applications after installing the GroupWise client, they can 
install the new applications, then reinstall the GroupWise client so that they can select the new 
applications during GroupWise client installation. If reinstalling the GroupWise client is not an 
option, you might need to assist them in setting up additional integrations, as described in 
Section 24.2, “Setting Up Integrations Using the gwappint.inf File,” on page 364. 


24.2 Setting Up Integrations Using the 
gwappint.inf File 
The gwappint.inf file controls how document-producing applications are integrated with the 
GroupWise Windows client. During client installation, the gwappint. inf file is installed in the 
Windows system32 subdirectory. It is a text file that can be viewed and modified in a text editor 
such as Notepad. You might want to print the gwappint. inf file from a user workstation to help 
you understand how integrations have been set up for your users during Group Wise client 
installation. 

+ Section 24.2.1, “Understanding the Three Levels of Integration,” on page 365 

+ Section 24.2.2, “Understanding the gwappint.inf File,” on page 365 

+ Section 24.2.3, “Editing the gwappint.inf File,” on page 368 
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24.2.1 Understanding the Three Levels of Integration 


The gwappint.inf file provides for three different levels of integration, to meet the needs of different 
types of document-producing applications: 


+ “ODMA Integration” on page 365 
¢ “Point-to-Point Integration” on page 365 


+ “No Integration” on page 365 


ODMA Integration 


The Open Document Management API (ODMA) is an industry standard for applications and 
document management programs to use in achieving seamless integration. ODMA is platform- 
independent. GroupWise DMS is 32-bit ODMA-compliant, and can automatically integrate with all 
32-bit ODMA-compliant applications. Applications that are not 32-bit ODMA-compliant must have 
integrations created for them to be used with GroupWise DMS. 


The 16-bit ODMA integration standards are not 100% compatible with the 32-bit ODMA 
integration in Windows 95/98/2000. Therefore, 16-bit applications that are ODMA-compliant must 
still have integrations created for them to be used with the GroupWise DMS. 


Point-to-Point Integration 


This integration involves applications that are not 32-bit ODMA-compliant. Novell® has written 
macros for various applications, such as Microsoft Word, which allow them to be integrated with 
Group Wise. This provides the same functionality as for 32-bit ODMA- integrated applications. 
These applications can be selected for integration when the GroupWise client is installed. 


Integration macros are written in the macro language of the application being integrated with 
Group Wise. Macro calls are made to GroupWise dialog boxes to replace access of the application’s 
own dialog boxes (for example, Open and Save). 


No Integration 


Non-integrated applications rely on Windows 95/98/2000 associations. When a reference icon is 
selected in GroupWise, the file’s extension is examined to determine which application to use. The 
application is launched and the file is opened. 


Functions performed in a non-integrated application are not managed by GroupWise. So, if the file 
is renamed or saved to a different location, the file is not part of a GroupWise library. When the file 
is opened later, a message is displayed reminding the user that the file is not under management of 
Group Wise. However, if you simply edit the file and re-save it without changing the name or 
location, GroupWise continues to provide management of the file. 


24.2.2 Understanding the gwappint.inf File 


The gwappint. inf file includes the following sections and lines: 
+ [executable name] sections 


- Integration= line 
- DualExe= line 
- AppName= line 
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- AppKey= line 
+ [ODMA Application Extensions] section 
¢ [Integration State] section 


¢ [Non-Integrated Defaults] section 
- Waitlnterval= line 
- ShowMessage= line 
[executable name] Sections 


The gwappint.inf file contains one [executable name] section for each integrated application. It 
supplies the name of the executable for the program being integrated. 


Integration= Line 


Each [executable name] section must have an Integration= line, where digits identify the type of 
integration employed for the executable: 


Integration = 0 (No Integration) 
Integration = 1 (Point-to-Point Integration) 
Integration = 2 (ODMA Integration) 


DualExe= Line 


Some programs, such as Lotus Word Pro, use a small startup executable that, in turn, calls the main 
program. Use the DualExe= line to specify the name ofthe main executable. You can specify the full 
path to the main executable, or you can specify the path relative to the startup executable. 


AppName= Line 


The AppName= line assigns the application an arbitrary name for use in the [ODMA Application 
Extensions] and [Integration State] sections. 


AppKey= Line 


The AppKey= line is used only with point-to-point integrations (Integration=1). It specifies a value 
used by Group Wise to pass information to and from the integrated application. The value must be 
unique among the point-to-point integrations defined in the gwappint.inf file. 


Examples Based on Standard Integrations 


The table below shows how the standard integrations are implemented in the gwappint.inf file: 
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Table 24-1 Integration Examples 


Application 


Corel 


Presentations 


Corel 
Quattro Pro 


Corel 


WordPerfect 


Lotus 
Word Pro 


Microsoft 
Binder 


Microsoft 
Excel 


Microsoft 
PowerPoint 


Microsoft 
Word 


Executable 


prwin.exe 


qpw.exe 


wpwin.exe 


wordpro.exe 


binder.exe 


excel.exe 


powerpnt.exe 


winword.exe 


Versi 


97 


97 


95, 
97, 
2000, 
2002 


97, 
2000, 
2002 


95 


97, 
2000, 
2002 


Comments 


If it is already installed on the workstation, GroupWise installation 
changes the Integrations= line to 0 and the application is 
available for selection as a non-integrated application. 


For ODMA integration, change the DualExe= line to 
system\prwin70.exe and the Integrations= line to 2. 


For ODMA integration, change the Integrations= line to 2. 


If it is already installed on the workstation, the GroupWise client 
installation changes the Integrations= line to 0 and the 
application is available for selection as a non-integrated 
application. 


For ODMA integration, change the Integrations= line to 2 


If it is already installed on the workstation, the GroupWise client 
installation changes the Integrations= line to 0 and the 
application is available for selection as a non-integrated 
application. 


For ODMA integration, change the DualExe= line to 
system\wpwin7.exe and the Integrations= line to 2. 


For ODMA integration, no DualExe= line is needed. Change the 
Integrations= line to 2. 


This application is 32-bit ODMA-compliant. Therefore, if it is 
installed before GroupWise, it is available for selection as an 
ODMA-integrated application. 


For ODMA integration, change the DualExe= line to 
system\wordpro.exe and the Integrations= line to 2. 


This application is 32-bit ODMA-compliant. Therefore, if it is 
installed before GroupWise, it is available for selection as an 
ODMA-integrated application. 


The Integrations= line is set to 1 for both versions. 


This application is 32-bit ODMA-compliant. Therefore, if it is 
installed before GroupWise, it is available for selection as an 
ODMA-integrated application. 


If it is already installed on the workstation, GroupWise installation 
changes the Integrations= line to 1 and the application is 
available for selection for point-to-point integration. 


For ODMA integration, change the Integrations= line to 2. 
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[ODMA Application Extensions] Section 


The [ODMA Application Extensions] section lists the file extensions Group Wise associates with 
particular document-producing applications. Examples include: 


Table 24-2 Applications and Their Extensions 


Application File Extension 
Corel WordPerfect .wpd 
Microsoft Excel xls 


Microsoft PowerPoint .ppt 


Microsoft Word .doc 


[Integration State] Section 

The [Integration State] section records whether the user has turned integrations on or off for 
integrated applications. 

[Non-Integrated Defaults] Section 


The [Non-Integrated Defaults] section provides two configuration settings that apply to all non- 
integrated applications: 


+ WaitInterval= line 
+ ShowMessage= line 
Waitinterval= Line 


The WaitInterval= line specifies a number of milliseconds for the Group Wise client to wait before it 
attempts to communicate with a non-integrated process. The wait interval allows the application to 
start completely before GroupWise contacts it. The default wait interval is 1000 milliseconds (one 
second). 


The default setting supplied in the [Non-Integrated Defaults] section can be overridden for specific 
applications by including a WaitInterval= line in the application’s [executable name] section. 


ShowMessage= Line 


The ShowMessage= line indicates whether or not to display a message to the GroupWise client user 
if Group Wise cannot contact a non-integrated application. Use ShowMessage=1 to display the 
message or ShowMessage=0 to suppress the message. 


The default setting supplied in the [Non-Integrated Defaults] section can be overridden for specific 
applications by including a ShowMessage= line in the application’s [executable name] section. 


24.2.3 Editing the gwappint.inf File 


The gwappint.inf file is a text file that can be modified using any text editor (Notepad, for example). 
By editing the gwappint.inf file, you can add integrations for applications for which Novell has not 
provided integrations. 
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24.3 Controlling Integrations in the GroupWise 
Windows Client 


For the convenience of GroupWise Windows client users, some settings in the gwappint.inf file can 
be modified from the client. 


In the Group Wise client: 


1 Click Tools > Options > Documents > Integrations. 


Documents Setup 


Library Configuration | Integrations | General 


Library names: 
[Development Library (Default 
Marketing Library | Set Default 


Sales Library 











The /ntegrations tab of the Documents Setup dialog box lets users turn integrations on and off 
for the listed registered applications. 


If the application that users want to integrate is does not appear in the registered applications 
list, users must first make sure the application is installed on their workstations. Then they can 
either reinstall the GroupWise client or modify the gwappint .inf file as described in 
Section 24.2, “Setting Up Integrations Using the gwappint.inf File,” on page 364. 


The users’ selections on the Integrations tab are recorded in the [Integration State] section of 
the gwappint.inf file. 


2 Select an application to configure integration for, then click Advanced. 


Adobe FrameMaker Document 
Nor-Integrated | Executable 


Message 


Display message for all non-integrated applications that cannot be 
tracked by Groupwise. 











V] Display message - manual end-access needed. 





Wait 
Set for: ©) This application 
© Default for all applications 


Wait time to detect application: [1 = seconds. 





The Non-Integrated tab enables users to set values for the ShowMessage= and WaitInterval= 
lines in the gwappint.inf file. 


3 Click Executable. 
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Adobe FrameMaker Document 


as 
Norrintegrated | Executable | 





À small number of applications use a dual-executable model. In this 
model, the first executable is invoked by the user. That executable then 
invokes the second executable, which is the actual application. 


In order to track an application that uses this model, GroupWise must know 
the name of the second executable. 











This application uses the dual-executable model 











The Executable tab enables users to set the DualExe= line in the gwappint.inf file. 


4 Click OK twice to save the updated integration information. 


If users check the contents of the gwappint . inf file in the Windows system32 subdirectory, they 
see their integration configuration changes reflected there. 
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+ Chapter 25, “Understanding Group Wise Databases,” on page 373 

+ Chapter 26, “Maintaining Domain and Post Office Databases,” on page 377 

+ Chapter 27, “Maintaining User/Resource and Message Databases,” on page 385 
+ Chapter 28, “Maintaining Library Databases and Documents,” on page 391 

+ Chapter 29, “Synchronizing Database Information,” on page 395 





+ Chapter 30, “Managing Database Disk Space,” on page 399 

+ Chapter 31, “Backing Up GroupWise Databases,” on page 407 

+ Chapter 32, “Restoring GroupWise Databases from Backup,” on page 411 
+ Chapter 33, “Retaining User Messages,” on page 419 


+ Chapter 34, “Standalone Database Maintenance Programs,” on page 423 
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Understanding GroupWise 
Databases 


Your Group Wise? system includes numerous databases where vital information is stored. 


¢ Section 25.1, “Domain Databases,” on page 373 

+ Section 25.2, “Post Office Databases,” on page 373 
+ Section 25.3, “User Databases,” on page 374 

+ Section 25.4, “Message Databases,” on page 374 

+ Section 25.5, “Library Databases,” on page 374 

+ Section 25.6, “Guardian Databases,” on page 375 


25.1 Domain Databases 


The domain database (wpdoma in . db) in each domain contains all administrative information for 
the domain, including: 


+ Address information about all GroupWise objects (such as users and resources), post offices, 
and gateways in the domain 


¢ System configuration and linking information for the domain’s MTA 


+ Address and message routing information to other domains 


The first domain you create is the primary domain. In the primary domain, the wpdomain.db file 
contains all administrative information for your entire GroupWise system (all domains, post offices, 
users, and so on). Because the wpdomain.db file in the primary domain is so crucial, you should 
back it up regularly and keep it secure. See Section 31.1, “Backing Up a Domain,” on page 407. 


You can re-create your entire GroupWise system from the primary domain wpdomain.db file; 
however, if the primary domain wpdomain.db file becomes unusable, you can no longer make 
administrative updates to your GroupWise system. 


Every domain you create after the primary domain is a secondary domain. The contents of 
secondary domains are automatically synchronized with the primary domain. 


For the location of the domain database, see “Domain Directory” in GroupWise 7 Troubleshooting 
3: Message Flow and Directory Structure. For additional domain information, see Section 40.3, 
“Information Stored in the Domain,” on page 606. 


25.2 Post Office Databases 


The post office database (wphost . db) in each post office contains all administrative information 
for the post office, including a copy of the GroupWise Address Book. This information is necessary 
for users to send messages to others in the GroupWise system. 


For the location of the post office database, see “Post Office Directory” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 464. 
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25.3 User Databases 


Each member of the post office has a personal database (user xxx. db) that represents the user's 
mailbox. The user database contains the following: 

+ Message header information 

+ Pointers to messages 

+ Personal groups 

+ Personal address books 

+ Rules 
When a member of another post office shares a folder with one or more members of the local post 


office, a “prime user” database (puxxxxx.db) is created to store the shared information. The 
“prime user” is the owner of the shared information. 


Local user databases and prime user databases are stored in the ofuser directory in the post office. 
Because resources are addressable just like users, resources also have user databases. 


For the location of user databases in the post office, see “Post Office Directory” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 464. 


25.4 Message Databases 


Each member of the post office is assigned to a message database (ms gnnn . db) where the body 
portions of messages are stored. Many users in a post office share a single message database. There 
can be as many as 255 message databases in the post office (numbered from 0 to 254). Message 
databases are stored in the ofmsg directory in the post office. 


Outgoing messages from local senders are stored in the message database assigned to each sender. 
Incoming messages from users in other post offices are stored in the message database with the same 
name as the message database assigned to the sender in his or her own post office. In each case, only 
one copy of the message is stored in the post office, no matter how many members of the post office 
it is addressed to. 


For the location of message databases in the post office, see “Post Office Directory” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 464. 


25.5 Library Databases 


A library is a collection of documents and document properties stored in a database system that can 
be managed and searched. You do not need to set up libraries unless you are using GroupWise 
Document Management Services (DMS). See Part VII, “Libraries and Documents,” on page 291. 


The databases for managing libraries are stored in the gwdms directory and its subdirectories in the 
post office. 


The dmsh. db file is a database shared by all libraries in the post office. It contains information 
about where each library in the post office is located. 
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Each library has its own subdirectory in the gwdms directory. In each library directory, the 
dmxxnn01-FF.db files contain information specific to that library, such as document properties 
and what users have rights to access the library. 


For the location of library databases in the post office, see “Post Office Directory” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 464. 


The actual documents in a library are not kept in the library databases. They are kept in a document 
storage area, which consists of a series of directories for storing documents. Documents are 
encrypted and stored in BLOBs (binary large objects) to make document management easier. A 
document, its versions, and related objects are stored together in the same BLOB. 


A document storage area might be located in the post office itself, or in some other location where 
more storage space is available. If it is located in the post office, the document storage area can 
never be moved. Therefore, storing documents in the post office directory structure is not usually 
recommended. If it is stored outside the post office, a document storage area can be moved when 
additional disk space is required. 


See Chapter 22, “Creating and Managing Libraries,” on page 299 and Chapter 23, “Creating and 
Managing Documents,” on page 335 for more information about Document Management Services. 


25.6 Guardian Databases 


The guardian database (ngwguard. db) serves as the master copy of the data dictionary 
information for the following subordinate databases in the post office: 


+ User databases (user xxx. db) 
+ Message databases (msgnnn.db) 
+ Prime user databases (puxxxxx. db) 


¢ Library databases (dmsh.db and dmxxnn01-FF.db) 


The guardian database is vital to GroupWise functioning. Therefore, the POA has an automated 
back-up and roll-forward process to protect it. The POA keeps a known good copy of the guardian 
database called ngwguard. fbk. Whenever it modifies the ngwguard. db file, the POA also 
records the transaction in the roll-forward transaction log called ngwguard.rf1.Ifthe POA 
detects damage to the ngwguard. db file on startup or during a write transaction, it goes back to 
the ngwguard. fbk file (the “fall back” copy) and applies the transactions recorded in the 
ngwguard.rf1 file to create a new, valid and up-to-date ngwguard. db. 


In addition to the POA back-up and roll-forward process, you should still back up the 
ngwguard.db, ngwguard.fbk, and ngwguard. rf1 files regularly to protect against media 
failure. Without a valid ngwguard.db file, you cannot access your e-mail. With current 

ngwguard. fbk and ngwguard. rf1 files, a valid ngwguard. db file can be rebuilt should the 
need arise. 


The ngwguard. dc file is the structural template for building the guardian database and its 
subordinate databases. Also called a dictionary file, the ngwguard.dc file contains schema 
information, such as data types and record indexes. Ifthis dictionary file is missing, no additional 
databases can be created in the post office. 
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Maintaining Domain and Post 
Office Databases 


Occasionally, it is necessary to perform maintenance tasks on domain databases (wpdomain. db) 
or post office databases (wphost . db). The frequency depends on the reliability of your network 
and your own experience of how often problems are likely to occur. The following tasks help you 
maintain the integrity of your domain and post office databases: 

+ Section 26.1, “Validating Domain or Post Office Databases,” on page 377 

+ Section 26.2, “Recovering Domain or Post Office Databases,” on page 378 

+ Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381 

+ Section 26.4, “Rebuilding Database Indexes,” on page 383 





NOTE: Unfortunately, damage to databases cannot be prevented. A power outage can occur in the 
middle of a write to a database. A hard drive can fail. However, the GroupWise® tools for repairing 
damaged databases are very effective and should be able to resolve most damage to Group Wise 
databases. 





To further protect your GroupWise system against loss of domain and post office information, see 
Chapter 31, “Backing Up GroupWise Databases,” on page 407 and Chapter 32, “Restoring 
Group Wise Databases from Backup,” on page 411. 


To ensure that the same information exists in all domain and post office databases throughout your 
Group Wise system, see Section 29.5, “Synchronizing the Primary Domain from a Secondary 
Domain,” on page 398, Section 29.4, “Synchronizing a Secondary Domain,” on page 397, and 
Section 29.2, “Synchronizing a Post Office,” on page 396. 


26.1 Validating Domain or Post Office Databases 


You can validate the data in the domain and post office databases at any time without interrupting 
normal Group Wise operation. The frequency can vary depending on the size of your system and the 
number of changes you make to users, resources, and distribution lists. 


1 Make sure you have full administrative rights to the domain and post office database directories 
you are validating. 


2 In ConsoleOne®, browse to and select the Domain object or Post Office object where you want 
to validate the database. 


3 Click Tools > GroupWise Utilities > System Maintenance. 
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© Recover Database 


© Rebuild Database 





© Reclaim Unused Space 
© Rebuild Indexes for Listing 
c 


Description: 
Validate checks for physical consistency. If problems are 
found, you should perform a Recover ora Rebuild. 





4 Click Validate Database > Run. 


5 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being validated. Click OK. 


You are notified if there are any physical problems, so you can then recover or rebuild the 
database. 


See Section 26.2, “Recovering Domain or Post Office Databases,” on page 378 and 
Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381. 


26.2 Recovering Domain or Post Office 
Databases 


The database recover process corrects physical problems in the database structure, but does not 
update incorrect information contained in the database. 


If you receive an administrative message informing you that an internal database error has occurred, 
or if you detect database damage and don’t want to take users out of GroupWise, you can recover the 
database. If no errors are reported after the recover process, you do not need to take further action. 


The recover process is run against a copy of the domain database (wpdomain. db) or post office 
database (wphost. db). Therefore, while the recover process is running, you can continue to 
access the database through ConsoleOne and you do not need to stop the MTA or the POA. 


As the copy of the database is created, the recover process skips invalid records. If the number of 
records in the original wpdomain.db file or wphost.db file is different from the number in the new, 
valid copy, Group Wise sends an administrative message informing you that data has been lost. 
When the recover process is completed, the backup database is deleted. 
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Figure 26-1 The Database Recovery Process 
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For convenience, the agents are configured by default to automatically recover domain and post 
office databases whenever a physical problem is encountered. See “Recovering the Domain 
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Database Automatically or Immediately” on page 654 and “Recovering the Post Office Database 
Automatically or Immediately” on page 526. 


To recover a specific database in ConsoleOne: 


1 Make sure you have network access to the domain or post office directory for the database you 
are recovering. 


If you have administration rights in the primary domain, you can recover the primary domain 
database, the post office databases in the primary domain, and any secondary domain 
databases. 


From a secondary domain, you can recover the secondary domain database and the post office 
databases in the secondary domain. 


2 Make sure you have sufficient disk space for the copy of the database that is created during 
recovery. 


3 In ConsoleOne, browse to and select the Domain object or Post Office object where you want 
to recover the database. 


4 Click Tools > GroupWise Utilities > System Maintenance. 


© Reclaim Unused Space 


© Rebuild Indexes for Listing 


Description: 
Recover can be performed even while the database is in 
use. Any database inconsistencies will be corrected, but 
may result in loss of information. 





5 Click Recover Database > Run. 
6 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being validated. Click OK. 


If recovery is successful, the backup database is deleted, and the new domain database is renamed to 
wpdomain. db, or the new post office database is renamed to wohost. db. 


If recovery fails for any reason, the backup database is copied back to wpdomain.db or 
wphost. db. If any data was lost, you are notified by an administrative message. 


You have several options for retrieving lost data from other sources: 


¢ Ifdata has been lost from the primary domain, you can synchronize it with a secondary domain 
that is known to contain current information. See Section 29.5, “Synchronizing the Primary 
Domain from a Secondary Domain,” on page 398. 


¢ Ifdata has been lost from a secondary domain, you can synchronize it with the primary domain. 
See Section 29.4, “Synchronizing a Secondary Domain,” on page 397. 
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+ You can also rebuild the database at a later time when you have exclusive access to the database 
where the data has been lost. See Section 26.3, “Rebuilding Domain or Post Office Databases,” 
on page 381. 


26.3 Rebuilding Domain or Post Office 
Databases 


In addition to correcting the physical problems resolved by the database recover process, the rebuild 
process updates user and object information in a domain database (wodomain.db) or post office 
database (wphost . db). However, the process requires that no users or GroupWise agents (MTA or 
POA) have access to the database during the rebuild process. 


You should rebuild a domain or post office database if you encounter any of the following 
conditions: 

+ Objects are not being replicated between domains. 

+ The agent that writes to the database went down unexpectedly. 

+ The server where the database resides went down unexpectedly. 


+ You receive an administrative message informing you that an internal database error has 
occurred or there is database damage and you think there might be data loss. 


+ You ran the recover database process and received a notification of data loss. 


When you rebuild a secondary domain database, information is retrieved from the primary domain. 
When you rebuild a post office database, information is retrieved from the domain it belongs to. 


During the rebuild process, a backup of the domain or post office database is created as well as a 
new wpdomain.db or wohost. db. The records from the primary domain database are copied 
into the new wpdomain.db. There should not be any data loss. When the rebuild process is 
complete, the temporary database and the backup database are deleted. 
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Figure 26-2 The Database Rebuilding Process 
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To rebuild a database: 


1 All GroupWise agents that might access the database must be stopped during the rebuild, as 
described in “Stopping the MTA” on page 649 and “Stopping the POA” on page 520. 


2 Ifyou are rebuilding a post office database, all users should exit and you should disable the post 
office before the rebuild, as described in Section 12.7, “Disabling a Post Office,” on page 195. 


3 Make sure you have sufficient disk space for the copy of the database that is created during the 
rebuild process. 


4 In ConsoleOne, browse to and select the Domain object or Post Office object where you want 
to rebuild the database. 


5 Click Tools > GroupWise Utilities > System Maintenance. 


382 GroupWise 7 Administration Guide 


GroupWise System Maintenance 


© Validate Database 





© Reclaim Unused Space 


© Rebuild Indexes for Listing 


Description: 
Rebuild requires exclusive access. For domains, anew 
database will be created from the information in the 
primary domain. For post offices, a new database will he 
created from the information in the parent domain. 





6 Click Rebuild Database > Run. 


7 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being rebuilt. Click OK. 


26.4 Rebuilding Database Indexes 


Each domain database (wpdomain. db) and post office database (wphost . db) contains three 
indexes that are used to determine the order of the Address Book: the system index, the domain 
index, and the post office index. When you display the system Address Book, the system index is 
used. When you display a domain-level Address Book, the domain index is used, and when you 
display the Address Book for a post office, the post office index is used. 


The GroupWise client uses the post office database to list users. If you are in the GroupWise client 
and the indexes for listing system, domain, and post office users are different than the domain 
database indexes, you should rebuild the post office database indexes. The most common cause of 
incorrect indexes in a post office is that the post office database was closed when you set up the list 
information. 


To rebuild a database index: 


1 Make sure you have administrative rights to the database whose indexes you are rebuilding. 


2 In ConsoleOne, browse to and select the Domain object or Post Office object where you want 
to rebuild the database index. 


3 Click Tools > GroupWise Utilities > System Maintenance. 
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Gg GroupWise System Maintenance 


© Validate Database 

C Recover Database 

C Rebuild Database 

© Reclaim Unused Space 


Description: 
Rebuild listing indexes reconstructs the indexes used by 
the Address Book. 





4 Select Rebuild Indexes for Listing, then click Run. 


5 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being whose indexes are being rebuilt. Click OK. 
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Maintaining User/Resource and 
Message Databases 


It is sometimes necessary to perform maintenance tasks on user and resource databases 
(userxxx.db) and message databases (msgnnn . db). The frequency depends on the reliability of 
your network and your own experience of how often problems are likely to occur. The following 
tasks help you maintain the integrity of your user and message databases. 

+ Section 27.1, “Analyzing and Fixing User and Message Databases,” on page 385 

¢ Section 27.2, “Performing a Structural Rebuild of a User Database,” on page 387 


+ Section 27.3, “Re-creating a User Database,” on page 388 





NOTE: Unfortunately, damage to databases cannot be prevented. A power outage can occur in the 
middle of a write to a database. A hard drive can fail. However, the Group Wise” tools for repairing 
damaged databases are very effective and should be able to resolve most damage to Group Wise 
databases. 





To further protect your GroupWise users against loss of mailbox contents, see Chapter 31, “Backing 
Up GroupWise Databases,” on page 407 and Chapter 32, “Restoring GroupWise Databases from 
Backup,” on page 411. 


To ensure that the same information exists for users and messages throughout your Group Wise 
system, see Section 29.1, “Synchronizing Individual Users or Resources,” on page 395. 


27.1 Analyzing and Fixing User and Message 
Databases 


The Analyze/Fix option of Mailbox/Library Maintenance looks for problems and errors in user and 
resource databases (userxxx. db) and/or message databases (msgnnn. db) and then fixes them if 
you select the Fix Problems option. You can analyze databases individually or you can analyze all 
user, resource, and/or message databases in one or more post offices. 


To analyze and repair user, resource, and/or message databases: 


1 In ConsoleOne®, browse to and select one or more User or Resource objects to check 
individual users or resources. 


or 


Browse to and select one or more Post Office objects to select all user and/or message 
databases in the post office. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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Novell GroupWise Mailbox/Library Maintenance 
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3 From the Action drop-down menu, select Analyze/Fix Databases. 
4 Select from the following options: 


Structure: When a user experiences a problem that is related to the user, message, or library 
databases, you should perform a structure check. The structure check verifies the integrity of 
the databases and reports the amount of space that could be recovered. If there is a structural 
problem, the databases are rebuilt with free space reclaimed. 


Index Check: If you select Structure, you can also select Index Check. You should run an 
index check if a user tries to open a message and gets a read error, or when sent items that show 
a delivered status in the Properties window do not appear in the recipient’s mailbox. An index 
check can be time-consuming. 


Contents: The user databases (located in the ofuser directory) do not contain user messages. 
Messages are contained in the message databases under the ofmsg directory. However, the 
message databases do not contain the message attachments; these are located in the offiles 
directory. A contents check analyzes references to other items. For example, in the user 
database, Mailbox/Library Maintenance verifies that any referenced messages actually exist in 
the message database. In the message database, it verifies that any attachments that are 
referenced actually exist in the attachment directories. 


Collect Statistics: If you selected Contents, the Collect Statistics option is available to collect 
and display statistics about the post office, such as the number of messages and appointments in 
the post office and the average number per user. In addition, you can display any user 
mailboxes that have more than a specified number of items. This can help determine if some 
users are using an excessive amount of disk space. If this is a problem, you might want to 
encourage users to delete unneeded items or to use the Archive feature in the GroupWise client 
to store messages on their local drives. You can also limit the amount of disk space each user 
can have. See Section 12.3, “Managing Disk Space Usage in the Post Office,” on page 182. 


Fix Problems: This option tells Mailbox/Library Maintenance to fix any problems it finds. 
Otherwise, Mailbox/Library Maintenance just reports the problems. 


Reset User Disk Space Totals: Recalculates the total disk space a GroupWise user is using by 
reading the selected user mailboxes and updating the poll record used for disk space 
management. Because disk space is user-specific, the program calculates the amount of disk 
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space in use by the user in the user databases, in any of the message databases, and in the 
attachment directory. Disk space limitations do not take into account the disk space used in 
document libraries. This option is usually run if the user totals are not being reflected correctly. 


5 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 


options: 


“Databases” on page 429 


“Logging” on page 429 


“Results” on page 430 


“Misc” on page 430 
“Exclude” on page 430 


Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 


6 Click Run to perform the Analyze/Fix operation. 


Analyze/Fix can also be run using the standalone GroupWise Check program. See Section 34.1, 
“Group Wise Check,” on page 423. It can also be scheduled to run on a regular basis by properly 
configuring the POA. See Section 36.4.1, “Scheduling Database Maintenance,” on page 507. 


27.2 Performing a Structural Rebuild of a User 


Database 


The Structural Rebuild option of Mailbox/Library Maintenance rebuilds the structure of a user or 
resource database (user xxx. db) and reclaims any free space. It does not re-create the contents of 
the database. If you need to recover database contents as well as structure, see Section 27.3, “Re- 
creating a User Database,” on page 388. 


To rebuild a user database: 


1 In ConsoleOne, browse to and select one or more User or Resource objects whose database 
needs to be rebuilt. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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3 From the Action drop-down list, select Structural Rebuild. 


4 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 


“Databases” on page 429 

“Logging” on page 429 

“Results” on page 430 

“Misc” on page 430 

Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 


5 Click Run to perform a structural rebuild of the user database. 


27.3 Re-creating a User Database 


The Re-create User Database option of Mailbox/Library Maintenance rebuilds a user or resource 
database (userxxx.db) and recovers any information it can. Some information is lost, such as the 
folder assignments. 


You should never need to select this option for regular database maintenance. It is designed for 
severe problems, such as replacing a user database that has been accidentally deleted and for which 
you have no backup copy. A substantial amount of information is lost in the re-creation process, as 
listed in “User Databases” on page 465. Because folder assignments are lost, all items are placed 
into the Cabinet folder. The user must then reorganize all the items in his or her mailbox. Using 
filters and searching can facilitate this process, but it is not a desirable experience. It is, however, 
preferable to losing everything. 


To re-create a user database: 


1 In ConsoleOne, browse to and select one or more User or Resource objects that need the user 
database re-created. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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3 From the Action drop-down list, select Re-create User Database. 
4 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 429 
“Logging” on page 429 
“Results” on page 430 
“Misc” on page 430 


Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 


5 Click Run to re-create the user database. 
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Maintaining Library Databases and 
Documents 


GroupWise® Document Management Services (DMS) uses libraries as repositories for documents. 
For a review of library database structure, see Section 25.5, “Library Databases,” on page 374. 


+ Section 28.1, “Analyzing and Fixing Databases for Libraries and Documents,” on page 391 


+ Section 28.2, “Analyzing and Fixing Library and Document Information,” on page 392 


NOTE: Unfortunately, damage to databases cannot be prevented. A power outage can occur in the 
middle of a write to a database. A hard drive can fail. However, the GroupWise tools for repairing 
damaged databases are very effective and should be able to resolve most damage to Group Wise 
databases. 





28.1 Analyzing and Fixing Databases for 
Libraries and Documents 


For libraries, the Analyze/Fix Databases option of Mailbox/Library Maintenance looks for problems 
and errors in library and document databases and then fixes them if you select the Fix Problems 
option. 

1 In ConsoleOne®, browse to and select one or more Library objects. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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3 From the Action drop-down menu, select Analyze/Fix Databases. 


4 Select from the following options: 
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Structure: When a user experiences a problem that is related to the library databases, you 
should perform a structure check. The structure check verifies the integrity of the databases and 
reports the amount of space that could be recovered. If there is a structural problem, the 
databases are rebuilt with free space reclaimed. 


Index Check: If you select Structure, you can also select Index Check. An index check can be 
time-consuming. 


Contents: The library database (located in the gwdms directory of the post office) does not 
contain documents. Documents are stored in the 1ib0000-FF directories. A contents check 
analyzes references from libraries to documents. 


Collect Statistics: If you selected Contents, the Collect Statistics option is available to collect 
and display statistics about the library, such as the number and size of documents. 


Fix Problems: This option tells Mailbox/Library Maintenance to fix any problems it finds. 
Otherwise, Mailbox/Library Maintenance just reports the problems. 


5 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 


“Databases” on page 429 
“Logging” on page 429 
“Results” on page 430 
“Misc” on page 430 
Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 
6 Click Run to perform the Analyze/Fix Databases operation on the library. 


Analyze/Fix Databases can also be run using the standalone GroupWise Check program. See 
Section 34.1, “Group Wise Check,” on page 423. It can also be scheduled to run on a regular basis by 
properly configuring the POA. See Section 36.4.1, “Scheduling Database Maintenance,” on 

page 507. 


28.2 Analyzing and Fixing Library and Document 
Information 


The Analyze/Fix Library option of Mailbox/Library Maintenance performs more library-specific 
functions than Analyze/Fix Databases. For all options except Verify Library, all documents in each 
of the selected library databases are checked. This can be a time-consuming process. Therefore, if 
you intend to select more than one of the Analyze/Fix Library options, you can save time by 
selecting each of them before clicking Run. This causes all selected options to be run against each 
document, which is faster than running each option individually against all documents. 


To validate library databases: 


1 In ConsoleOne, browse to and select one or more Post Office objects where you want to 
validate libraries. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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3 From the Action drop-down menu, select Analyze/Fix Library. 


4 Select from the following options: 


Verify Library: This is a post office-level check. It verifies that all libraries are on the libraries 
list. It also checks the schema and guarantees its integrity. If there is a problem with the 
schema, it resets to a default schema to reclaim any missing items. For example, if you deleted 
the Document Type property, you could recover it using this option. 


Fix Document/Version/Element: This performs an integrity check to verify the following: 


+ Each document has one or more versions linked to it. 


+ Each version has one or more elements linked to it. 


+ All versions are linked to a document. 


+ All elements are linked to a version. 


If there are any missing links, the missing documents or versions are created from the 
information contained in the existing version or element for which the link is missing. For 
example, if a version is found that shows no link to a document, a document is created from the 
information contained in the version and the link is reestablished. Of course, any information in 
the lost document that might have been newer than the information contained in the old version 


is lost. 


Verify Document Files: This determines if the BLOB exists for a document and the document 
is accessible. If not, an error is logged for that document. The log message does not indicate 
why a file is missing or inaccessible. You can recover a file by restoring it from backup. 


Possible errors that would be logged include: 


¢ Ifthe file system on the network becomes corrupted, this tells you which documents 
cannot be opened or which BLOB files are missing. 


¢ Ifa file was marked by someone as Read Only or Hidden, this option logs an error 


indicating that the file is inaccessible. 


Validate All Document Security: This option validates document security for the Author, 
Creator and Security (document sharing) fields. The validation replaces the results of selecting 
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the Validate Author/Creator Security option, and is more thorough. Therefore, you only need to 
select one option or the other. 


Synchronize User Name: The Author and Creator fields display users’ full names, not unique 
IDs. If a user’s name is changed, such as for marriage, this option verifies that the user’s name 
on document and version records is the same as the user’s current display name. In other words, 
the Author and Creator fields in documents and versions are updated to the user’s newer name. 


Remove Deleted Storage Areas: When you delete a document storage area in the Storage 
Areas page of a library’s details dialog box, the document storage area and the documents 
stored there remain on the system. Deleting the storage area from the library only means that 
new documents are not stored there. The documents there continue to be available to users. 


If you want to also remove the document storage area from the system, you have two options: 
delete the storage area and its documents, or first move the documents and then delete the 
storage area. The first option is not advisable, but exists so that if you have moved all of the 
documents that can be moved, but some corrupted documents are left behind, you can force the 
document storage area to be deleted. 


You should normally select Move Documents First so that users continue to have access to 
those documents from a different document storage area. With this option, all BLOBs in the 
library are checked to see which documents are in the area being deleted. 


Reassign Orphaned Documents: Documents can occasionally become orphaned (unattached 
to auser). For example, this can happen when a user leaves your organization and the user 
object is removed. All documents belonging to that user are no longer available in Group Wise 
searches and cannot be accessed by anyone (document security is controlled by the user listed 
in the Author and Creator fields). This option lets you reassign these documents to another 
user. You must select a new author from the browser menu after checking this option. The new 
author you designate has access to all orphaned documents in this library. 


Reset Word Lists: Documents stored in a library are indexed and inserted into a generated 
word list. This allows users to search for a document by keywords as well as any word 
contained within a document. The document library word list might become outdated and if 
this occurs, the word list must be regenerated. This option allows the program to regenerate the 
document library word list the next time an index operation is performed. 


5 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 


“Databases” on page 429 
“Logging” on page 429 
“Results” on page 430 
“Misc” on page 430 
Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 
6 Click Run to perform the Analyze/Fix Library operation. 
Analyze/Fix Library can also be run using the standalone GroupWise Check program. See 
Section 34.1, “GroupWise Check,” on page 423. It can also be scheduled to run on a regular basis by 


properly configuring the POA. See Section 36.4.1, “Scheduling Database Maintenance,” on 
page 507. 
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Synchronizing Database 
Information 


In general, synchronization of object information throughout your GroupWise system occurs 
automatically. Whenever you add, delete, or modify a GroupWise object, the information is 
automatically replicated to all appropriate databases. Ideally, each domain database (wpdomain.db) 
in your system contains original records for all objects it owns and accurately replicated records for 
all objects owned by other domains. However, because unavoidable events such as power outages 
and hardware problems can disrupt network connectivity, information in various databases might get 
out of sync. 


If you think you have a synchronization problem, especially soon after adding, deleting, or 
modifying objects, it is wise to check Pending Operations to make sure your changes have been 
processed. See Section 4.5, “Pending Operations,” on page 60. When waiting for replication to take 
place, patience is a virtue. 


When information differs between the original record and a replicated record, the original record is 
considered correct. If you perform synchronization from the owning domain, the owning domain 
notifies the primary domain of the correct information, then the primary domain broadcasts the 
correct information to all secondary domains. Therefore, the best place to perform synchronization 
is from the domain that owns the object that is out of sync. The next best place to perform 
synchronization is from the primary domain, because the primary domain sends a request to the 
owning domain for the correct information, then broadcasts the correct information to all secondary 
domains. 


Any GroupWise object can be synchronized: 


+ Section 29.1, “Synchronizing Individual Users or Resources,” on page 395 
+ Section 29.2, “Synchronizing a Post Office,” on page 396 

+ Section 29.3, “Synchronizing a Library,” on page 397 

+ Section 29.4, “Synchronizing a Secondary Domain,” on page 397 


+ Section 29.5, “Synchronizing the Primary Domain from a Secondary Domain,” on page 398 


29.1 Synchronizing Individual Users or 
Resources 


Most often, you will notice a synchronization problem when a user has trouble sending a message. 
Symptoms include: 
+ The sender receives a “user is undeliverable” message. 


+ A new user or resource created in ConsoleOne® does not appear in the Address Book in some 
or all post offices. 


+ User or resource information is incorrect in the Address Book but correct in ConsoleOne. 
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+ A user or resource is listed in the Address Book as belonging to one post office but actually 
belongs to another. 


To synchronize individual User and/or Resource objects: 


1 In ConsoleOne, connect to the domain that owns the users and/or resources, as described in 
Section 9.1, “Connecting to a Domain,” on page 127. 


or 


Connect to the primary domain. 


2 Browse to and right-click one or more User or Resource objects to synchronize, then click 
Properties. 


3 Make sure the correct information appears on the object’s Identification page, then click 
Cancel. 


4 Repeat Step 2 and Step 3 for each user or resource you need to synchronize. 

Select each User or Resource object, then click Tools > GroupWise Utilities > Synchronize. 
6 When you are asked whether to proceed, click Yes. 

Current, correct information is then replicated throughout your GroupWise system. 


If many User or Resource objects are being synchronized, you can check progress by viewing 
pending operations. See Section 4.5, “Pending Operations,” on page 60. 


After synchronization is complete, you can verify that it was successful by checking the 
synchronized objects in Address Books and several post offices in your GroupWise system. 


If there are indications that a large number of User or Resource objects need to be synchronized, 
rebuilding the post office database (wphost . db) can be preferable to synchronizing individual 
objects. However, this process requires exclusive access to the post office database. See 

Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381. 


Occasionally, GroupWise user information can get out of sync with Novell® eDirectory™ user 
information. This requires a different type of synchronization process. See Section 41.4.1, “Using 
eDirectory User Synchronization,” on page 638. 


29.2 Synchronizing a Post Office 


If information for a particular post office does not display the same throughout your Group Wise 
system, you can synchronize the post office. 


1 In ConsoleOne, connect to the domain that owns the post office, as described in Section 9.1, 
“Connecting to a Domain,” on page 127. 


or 


Connect to the primary domain. 
2 Browse to and right-click the Post Office object to synchronize, then click Properties. 


3 Make sure the correct information appears on the post office Identification page, then click 
Cancel. 


4 Select the Post Office object, then click Tools > GroupWise Utilities > Synchronize. 
5 When you are asked whether to proceed, click Yes. 
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Current, correct post office information is then replicated throughout your GroupWise system. 


After synchronization is complete, you can verify that it was successful by checking the post 
office information when connected to different domains in your GroupWise system. 


See also Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381. 


29.3 Synchronizing a Library 


If information for a library does not display the same throughout your GroupWise system, you can 
synchronize the library. 


1 


a BR © N 


In ConsoleOne, connect to the domain that owns the library, as described in Section 9.1, 
“Connecting to a Domain,” on page 127. 


or 


Connect to the primary domain. 

Browse to and right-click the Library object to synchronize, then click Properties. 

Make sure the correct information appears on the library Identification page, then click Cancel. 
Select the Library object, then click Tools > GroupWise Utilities > Synchronize. 

When you are asked whether to proceed, click Yes. 

Current, correct library information is then replicated throughout your GroupWise system. 


After synchronization is complete, you can verify that it was successful by checking the library 
information when connected to different domains in your GroupWise system. 


See also Section 28.2, “Analyzing and Fixing Library and Document Information,” on page 392. 


29.4 Synchronizing a Secondary Domain 


If information for a particular secondary domain does not display the same throughout your 
GroupWise system, you can synchronize the secondary domain. 


1 


In ConsoleOne, connect to the primary domain, as described in Section 9.1, “Connecting to a 
Domain,” on page 127. 


If there is any doubt about the correctness of that secondary domain’s information as stored in 
the primary domain database, synchronize the primary domain with the secondary domain 
before proceeding, as described in Section 29.5, “Synchronizing the Primary Domain from a 
Secondary Domain,” on page 398. 


Browse to and right-click the Domain object to synchronize, then click Properties. 


Make sure the correct information appears on the domain Identification page, then click 
Cancel. 


Select the Domain object, then click Tools > GroupWise Utilities > Synchronize. 


6 When you are asked whether to proceed, click Yes. 


Current, correct domain information for the secondary domain is then replicated throughout 
your GroupWise system. 


After synchronization is complete, you can verify that it was successful by checking the 
domain information when connected to different domains in your GroupWise system. 
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See also Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381. 


29.5 Synchronizing the Primary Domain from a 
Secondary Domain 


Information about a secondary domain stored in the secondary domain database is considered more 
current and correct than information about that secondary domain stored in the primary domain 
database. If the primary domain database contains out-of-date information, you can synchronize the 
primary domain from the secondary domain. 


When you synchronize the primary domain database from a secondary domain database, any records 
the secondary domain owns, such as post offices or users added to the secondary domain, are 
replicated from the secondary domain database to the primary domain database. 


To synchronize the primary domain from a secondary domain: 
1 You must have administrative rights to the primary domain directory and the secondary domain 
directory from which the primary domain is being synchronized. 


2 In ConsoleOne, browse to and select the Domain object of the secondary domain whose 
database you want to use to synchronize the primary domain database. 


3 Click Tools > GroupWise Utilities > System Maintenance. 
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Description: 
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record in the secondary domain has a matching record in 
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4 Select Sync Primary with Secondary, then click Run. 


5 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being validated. Click OK. 


To make sure the primary domain database is totally up-to-date, repeat the procedure for each 
secondary domain in your system. 
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Managing Database Disk Space 


One of the most common maintenance issues in a growing system is running out of disk space. In 
addition to sending messages, users tend to use GroupWise” for all sorts of communication, such as 
transferring large files. Library documents created with Document Management Services (DMS) 
can use huge amounts of disk space. Archived library documents can also quickly use up disk space 
assigned to the post office, where space is usually limited. 


You should let your users know about the archive and auto-delete features of Group Wise mail, or set 
client options in ConsoleOne® to automatically archive or delete. See Chapter 65, “Setting Defaults 
for the Group Wise Client Options,” on page 1045. 

+ Section 30.1, “Gathering Mailbox Statistics,” on page 399 

+ Section 30.2, “Reducing the Size of User and Message Databases,” on page 401 

+ Section 30.3, “Reclaiming Disk Space in Domain and Post Office Databases,” on page 403 

+ Section 30.4, “Reducing the Size of Libraries and Document Storage Areas,” on page 404 


See also Section 12.3, “Managing Disk Space Usage in the Post Office,” on page 182. 


30.1 Gathering Mailbox Statistics 


If you have some users who don’t like to throw anything away, you might want to monitor the size 
of their mailboxes and, where appropriate, suggest voluntary cleanup. You can assess e-mail 
retention by the number of messages, age of messages, or size of user databases. 


The Mailbox Statistics option in Mailbox/Library Maintenance collects and displays statistics about 
the post office, such as the number of messages and appointments in the post office and the average 
number per user. It is valid only for user databases. In addition, you can display any user mailboxes 
that have more than a specified number of items. This can help determine which users might be 
using an excessive amount of file server disk space. 


To gather mailbox statistics: 


1 In ConsoleOne, browse to and select one or more User or Resource objects or one or more Post 
Office objects. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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3 From the Action drop-down menu, select Mailbox Statistics. 
4 Select Mailbox Statistics. 


Mailbox Statistics: Specify a maximum number of items to see a report showing each user 
whose mailbox has more items in it than the number you specify. 


or 
Select Expire Statistics. 
Expire Statistics: Select one of the following: 
¢ Items Older Than: Shows how many items are older than the number of days you 
specify. 


+ Downloaded Items Older Than: Shows how many items have been downloaded to 
users’ GroupWise Caching or Remote mailboxes that are older than the number of days 
you specify. This does not include items that have been downloaded to non-Group Wise 
mailboxes (for example, POP and IMAP accounts). 


+ Items Larger Than: Shows how many items are larger than the size you specify. 


+ Reduce Mailbox To: Shows how many items need to be expired before the mailbox 
would be reduced to the size you specify. Older, larger items are expired before newer, 
smaller items. 


+ Reduce Mailbox to Limited Size: Shows how many items need to be expired before the 
mailbox is the size specified using the Disk Space Management feature under Client 
Options, as described in Section 12.3.2, “Setting Mailbox Size Limits,” on page 183. 


When items meet your selected expire criteria, they are subject to being removed from the 
mailbox when you use the Expire/Reduce Messages action as described in Section 30.2, 
“Reducing the Size of User and Message Databases,” on page 401. 


5 In the Include box, select Received Items, Sent Items, Calendar Items, Only Backed-Up Items, 
and/or Only Retained Items to specify the types of items to gather statistics for. 


The Only Backed-Up Items option interacts with the Do Not Purge Items Until They Are 
Backed Up setting under Tools > GroupWise Utilities > Client Options > Environment Options 
> Cleanup. If items are not allowed to be deleted before they are backed up, then they cannot 
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be deleted during an Expire/Reduce operation. For more information, see “Environment 
Options: Cleanup” on page 1057. 


The Only Retained Items option interacts with third-party message retention applications, as 
described in Chapter 33, “Retaining User Messages,” on page 419. 


6 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 429 
“Logging” on page 429 
“Results” on page 430 
“Misc” on page 430 
“Exclude” on page 430 
Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 
By default, the mailbox statistics are sent to the domain administrator, as designated in 
Section 42.7, “Notifying the Domain Administrator,” on page 671. 


7 Ifyou want to send the statistics to one or more other users, click Results, select Individual 
Users, specify the e-mail addresses in the users in the CC line, then click Message if you want 
to include explanatory text. 


8 Click Run to gather the mailbox statistics and e-mail the results to the specified users. 


30.2 Reducing the Size of User and Message 
Databases 


When users archive and delete messages in their mailboxes, the messages are marked for removal 
from the database (“expired”), but the disk space the messages occupy in the database is retained 
and used again for new messages. As a result, archiving and deleting messages does not affect the 
overall size of the databases. 


The Expire/Reduce Messages option of Mailbox/Library Maintenance eliminates expired messages 
and reclaims the resulting free space in the database. You can expire/reduce messages for one or 
more users or resources, or for all users and resources in one or more post offices. You should 
inform users before you run this process so they have a chance to archive or delete messages. 
Unread messages are not expired. 


1 In ConsoleOne, browse to and select one or more User or Resource objects to expire/reduce 
messages for the selected users and resources. 


or 


Browse to and select one or more Post Office objects to expire/reduce messages for all users 
and resources in each selected post office. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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3 From the Action drop-down menu, select Expire/Reduce Messages. 


4 Click Reduce Only to eliminate items that have already expired (that is, items that have been 
archived or deleted by users). 


or 


Click Expire and Reduce to expire items in addition those that users have already archived or 
delete, based on the criteria you select. 


Expire and Reduce: Select one or more of the following: 


+ 


+ 


Items Older Than: Expires items that are older than the number of days you specify. 


Downloaded Items Older Than: Expires items that have been downloaded to users’ 
Group Wise Caching or Remote mailboxes that are older than the number of days you 
specify. It does not expire items that have been downloaded to non-GroupWise mailboxes 
(for example, POP and IMAP accounts). 


Items Larger Than: Expires items that are larger than the size you specify. 

Trash Older Than: Expires items in the Trash that are older than the number of days you 
specify. 

Reduce Mailbox To: Expires items until the mailbox is reduced to the size you specify. 
Older, larger items are expired before newer, smaller items. 


Reduce Mailbox to Limited Size: Expires items until the mailbox is the size specified 
using the Disk Space Management feature under Client Options, as described in 
Section 12.3.2, “Setting Mailbox Size Limits,” on page 183. 


5 Inthe /nclude box, select Received Items, Sent Items, Calendar Items, Only Backed-Up Items, 
and/or Only Retained Items. 


The Only Backed-Up Items option interacts with the Do Not Purge Items Until They Are 
Backed Up setting under Tools > GroupWise Utilities > Client Options > Environment Options 
> Cleanup. If items are not allowed to be deleted before they are backed up, then they cannot 
be deleted during an Expire/Reduce operation. For more information, see “Environment 
Options: Cleanup” on page 1057. 
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The Only Retained Items option interacts with third-party message retention applications, as 
described in Chapter 33, “Retaining User Messages,” on page 419. 


You might want to notify users of the types of items that will be deleted. 


6 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 


“Databases” on page 429 

“Logging” on page 429 

“Results” on page 430 

“Misc” on page 430 

“Exclude” on page 430 

Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 


7 Click Run to perform the Expire/Reduce Messages operation. 


For additional disk space management assistance, see Section 12.3, “Managing Disk Space Usage in 
the Post Office,” on page 182. 


30.3 Reclaiming Disk Space in Domain and Post 
Office Databases 


As you add information to your system, the domain databases (wodomain. db) and post office 
databases (wphost . db) increase in size. If you delete information, the space created in the 
databases for the information is not immediately recovered. GroupWise will use the free space 
before requiring more disk space; however, if you have deleted a large amount of information, you 
might want to reclaim unused database space. If you have frequent changes to your users, especially 
deletions, you should occasionally reclaim disk space. 


1 In ConsoleOne, browse to and select the Domain object or Post Office object where you want 
to reclaim disk space. 


2 Click Tools > GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


© Validate Database 
© Recover Database 


© Rebuild Database 





e 
© Rebuild Indexes for Listing 
© Refresh Views 


e 


f 
Fe 
‘a 
| 53 


Description: 
Reclaiming space may reduce the size ofthe database by 
eliminating any unused space. 





3 Select Reclaim Unused Space, then click Run. 
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4 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database where you want to reclaim disk space. Click OK. 


30.4 Reducing the Size of Libraries and 
Document Storage Areas 


The amount of disk space you allow at each post office for your library databases varies according to 
the GroupWise features they use. 


If you are using GroupWise Document Management Services, you must determine storage 
requirements for your documents. If you feel your current disk space usage by documents is not 
representative of your long-term requirements, you can estimate the disk space users need for 
documents by multiplying an average document size by the average number of documents per user 
by the total number of users in the post office. 


For example, the typical document size is 50 KB. Each user owns about 50 documents and there are 
100 users on your post office. 


Sample Calculation: 
50 KB (document size) 
x 50 documents (per user) 
x 100 users 


2.5 GB of disk space 
Be sure to allow your libraries room to grow. 


When room to grow is no longer available, the following tasks help you make the best use of 
available disk space: 


+ Section 30.4.1, “Archiving and Deleting Documents,” on page 404 
+ Section 30.4.2, “Deleting Activity Logs,” on page 405 


See also Section 23.4.2, “Backing Up and Restoring Archived Documents,” on page 360. 


30.4.1 Archiving and Deleting Documents 


Documents can be archived, retained indefinitely, or simply deleted. The document type property 
determines a document’s disposition (archive, delete, or retain). The document life property 
determines when it can be archived or deleted. When you run the Archive/Delete Documents option 
of Mailbox/Library Maintenance, documents in the selected libraries that have reached their 
document life dates are either deleted or archived. 


Documents that have reached their document life and been marked for deletion in the document type 
are simply deleted from the library, after which the document and its property information can no 
longer be found by any search. You can recover deleted documents from database backups. 


When documents are archived, their BLOBs are moved to archive directories. These directories are 
named arnnnnnn (Where nnnnnn is an incremented integer with leading zeros), and are 
automatically created as needed. They are sometimes referred to as archive sets. The archive 
directories are located at post office directory\gwdms\lib01-FF\archive. Whena 
document is archived, GroupWise determines if the document BLOB fits in the current archive 
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directory. If the BLOB does not fit, another archive directory is created and the BLOB is archived 
there. 


To archive/delete documents from one library or all libraries in the selected post offices: 


1 In ConsoleOne, select one or more Library objects or Post Office objects for the documents you 
want to archive/delete. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 
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Post Offices + Archive/Delete Documents 
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Close 
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Options file: <default> 





3 From the Action drop-down menu, select Archive/Delete Documents. 
4 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 429 
“Logging” on page 429 
“Results” on page 430 
“Misc” on page 430 


Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 


5 Click Run to perform the Archive/Delete Documents operation. 


30.4.2 Deleting Activity Logs 


To free up disk space by deleting the activity logs for one or more libraries: 


1 In ConsoleOne, select one or more Library objects or Post Office object where you want to 
delete activity logs. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
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KE Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: 


Post Offices x Delete Activity Logs 
à Provo1 Development 
Delete logs older than | 60 | days 


© Object Type 
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Options file: <default> 


3 From the Action drop-down menu, select Delete Activity Logs. 
4 Specify the number of days in the Delete Activity Logs Older Than field. The default is 60 days. 
5 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 429 
“Logging” on page 429 
“Results” on page 430 
“Misc” on page 430 


Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 431. 


6 Click Run to delete unneeded activity logs. 
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Backing Up GroupWise Databases 


You should back up GroupWise® databases regularly so that if a database sustains damage that 
cannot be repaired using the GroupWise database maintenance tools, you can still recover with 
minimum data loss. Backup procedures vary by platform: 


Table 31-1 Backup Procedures by Platform 


NetWare: Use a Target Service Agent (GWTSA on NetWare® 5.1 or TSAFSGW on NetWare 6.x/ 
OES) with a supported backup program or other backup software of choice to back up 
GroupWise databases to a secure location. For details about how to use a Target Service 
Agent, see Section 34.2, “Target Service Agents,” on page 434. 


Linux: Use a Target Service Agent (TSAFSGW) with a supported backup program or other 
backup software of choice to back up GroupWise databases to a secure location. For a list 
of compatible products, see the Novell Open Enterprise Server Partner Support site (http:/ 
/www.novell.com/products/openenterpriseserver/partners). For details about how to use a 
Target Service Agent, see Section 34.2, “Target Service Agents,” on page 434. 


Windows: Use your backup software of choice to back up GroupWise databases to a secure 
location. For a list of compatible products, see the Partner Product Guide (http:// 
www.novell.com/partnerguide). You can also use the GroupWise Database Copy utility 
(DBCopy) and the GroupWise Time Stamp utility (GWTMSTMP) to assist with backups. 
For details about how to use these utilities, see Section 34, “Standalone Database 
Maintenance Programs,” on page 423. 


¢ Section 31.1, “Backing Up a Domain,” on page 407 
Section 31.2, “Backing Up a Post Office,” on page 407 


+ 


+ Section 31.3, “Backing Up a Library and Its Documents,” on page 408 


+ 


Section 31.4, “Backing Up Individual Databases,” on page 409 


31.1 Backing Up a Domain 


All critical domain-level information is stored in the domain database (wpdomain. db). Use your 
backup software of choice to back up each domain database to a secure location. If your backup 
software cannot handle open files, stop the MTA for the domain while the backup of the domain 
database takes place or copy the domain directory to a temporary location and back up the static 


copy. 


See also Section 32.1, “Restoring a Domain,” on page 411. 


31.2 Backing Up a Post Office 


Critical post office-level information is stored in many different databases. The table below 
summarizes the databases and their locations: 
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Table 31-2 Database Locations 


Database Location 

wphost.db \post office directory 
ngwguard. db \post office directory 
msgnnn.db \post office directory\ofmsg 
userxxx.db \post office directory\ofuser 
puxxxxx.db \post office directory\ofuser 


*,idxand*.inc \post office directory\ofuser\index 

fao-F6 \post office directory\offiles 

dmsh.db \post office directory\gwdms 

dmxxnn01-FF.db \post_office_directory\gwdms\1ib0000-FF 
fd0-FF \post office directory\gwdms\1ib0000-FF\docs 


*,idx and *.inc \post office directory\gwdms\1ib0000-FF\ index 


To view a post office directory structure diagram, see “Post Office Directory” in Group Wise 7 
Troubleshooting 3: Message Flow and Directory Structure. 


Use your backup software of choice to back up all databases in each post office to a secure location. 
If your backup software cannot handle open files, stop the POA for the post office while the backup 
of the domain database takes place or copy the post office directory to a temporary location and back 
up the static copy. 


See also Section 32.2, “Restoring a Post Office,” on page 411. 


31.3 Backing Up a Library and Its Documents 


If the document storage area for a library is physically located in a post office, the library and 
documents are backed up along with the rest of the data in the post office. However, document 
storage areas are frequently located outside of the post office directory structure because of disk 
space considerations. Therefore, remote document storage areas must be backed up separately. A 
post office can have multiple libraries and each library can have multiple document storage areas, so 
make sure you have identified all document storage areas in your library/document backup 
procedure. 


After you have initially performed a full backup of your document storage areas, you can perform 
incremental backups by backing up to the same location to shorten the backup process. 


To ensure consistency between the backups of post office databases and document storage areas: 


1 Back up your document storage areas using your backup software of choice. 
2 Back up the post office, as described in Section 31.2, “Backing Up a Post Office,” on page 407. 


3 Perform an incremental backup of your document storage areas to pick up all new documents 
and document modifications that occurred while backing up the post office. 
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You should need to restore data in a document storage area only if files have been damaged or 
become inaccessible due to a hard disk failure. 


See also Section 32.3, “Restoring a Library,” on page 412. 


31.4 Backing Up Individual Databases 


If you need to back up individual databases separately from backing up a post office, you can use 
your backup software of choice. 


See also Section 32.4, “Restoring an Individual Database,” on page 412. 
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Restoring GroupWise Databases 
from Backup 


Database damage can usually be repaired using the database maintenance tools provided with 
GroupWise®. Only very occasionally should you need to restore databases from backup. 

¢ Section 32.1, “Restoring a Domain,” on page 411 

+ Section 32.2, “Restoring a Post Office,” on page 411 

¢ Section 32.3, “Restoring a Library,” on page 412 

+ Section 32.4, “Restoring an Individual Database,” on page 412 

+ Section 32.5, “Restoring Deleted Mailbox Items,” on page 413 

+ Section 32.6, “Recovering Deleted GroupWise Accounts,” on page 416 


32.1 Restoring a Domain 


Typically, damage to the domain database (wodomain . db) can be repaired using the database 
maintenance tools provided in ConsoleOne®, as described in Chapter 26, “Maintaining Domain and 
Post Office Databases,” on page 377. 


If damage to the domain database is so severe that rebuilding the database is not possible: 


1 Stop the MTA for the domain. 


2 Use the backup software for your platform, as listed in Section 31.1, “Backing Up a Domain,” 
on page 407, to restore the domain database into the domain directory. 


3 Restart the MTA for the domain. 


4 To update the restored domain database with administrative changes made since it was backed 
up, synchronize the restored domain database with the primary domain database, as described 
in Section 29.4, “Synchronizing a Secondary Domain,” on page 397. 


If the restored domain database is for the primary domain, see Section 29.5, “Synchronizing the 
Primary Domain from a Secondary Domain,” on page 398. 


32.2 Restoring a Post Office 


Typically, damage to databases in a post office can be repaired using the database maintenance tools 
provided in ConsoleOne or using GroupWise Check (GWCheck). See Chapter 26, “Maintaining 
Domain and Post Office Databases,” on page 377, Chapter 27, “Maintaining User/Resource and 
Message Databases,” on page 385, and Section 34.1, “GroupWise Check,” on page 423. 


If damage to the post office was so severe that rebuilding databases is not possible: 


1 Stop the POA for the post office. 


2 Use the backup software for your platform, as listed in Section 31.2, “Backing Up a Post 
Office,” on page 407, to restore the various databases into their proper locations in the post 
office directory. 
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3 Ifyou do not use GWTSA or TSAFSGW to restore the post office, time-stamp the restored user 
databases so that old items are not automatically purged during nightly maintenance. 


3a In ConsoleOne, browse to and select the Post Office object, then click Tools > GroupWise 
Utilities > Backup/Restore Mailbox. 


3b On the Backup tab, select Restore, then click Yes. 
4 Restart the POA for the post office. 


5 To update the restored post office database (wphost . db) with the most current information 
stored in the domain database, rebuild the post office database, as described in Section 26.3, 
“Rebuilding Domain or Post Office Databases,” on page 381. 


6 To update other restored databases such as user databases (user xxx. db) and message 
databases (msgnnn. db) with the most current information stored in other post offices, run 
Analyze/Fix Databases with Contents selected, as described in Section 27.1, “Analyzing and 
Fixing User and Message Databases,” on page 385. 


32.3 Restoring a Library 


Typically, damage to library databases (dmsh . db and others) can be repaired using the database 
maintenance tools provided in ConsoleOne or using GroupWise Check (GWCheck). See 
Chapter 28, “Maintaining Library Databases and Documents,” on page 391 and Section 34.1, 
“Group Wise Check,” on page 423. 


If damage to the library is so severe that rebuilding databases is not possible: 


1 Stop the POA that services the library. 


2 Use the backup software for your platform, as listed in Section 31.3, “Backing Up a Library 
and Its Documents,” on page 408, to restore the library. 


3 Restart the POA. 


4 To update the restored library databases with the most current information stored in other post 
offices: 


4a In ConsoleOne, run Analyze/Fix Databases with Contents selected. 
4b Run Analyze/Fix Library. 


For more information, see Section 28.2, “Analyzing and Fixing Library and Document 
Information,” on page 392. 


32.4 Restoring an Individual Database 


Typically, damage to user and resource databases (userxxx.db) and message databases 
(msgnnn. db) can be repaired using the database maintenance tools provided in ConsoleOne or 
using GroupWise Check (GWCheck). See Chapter 27, “Maintaining User/Resource and Message 
Databases,” on page 385 and Section 34.1, “GroupWise Check,” on page 423. 


If damage to an individual database is so severe that repair is not possible: 


1 Make sure the user to whom the affected database belongs is not running the GroupWise client. 


2 Use your backup software of choice to restore the database into the proper location in the post 
office directory. 
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User databases are stored in the ofuser subdirectory in the post office. Message databases are 
stored in the ofmsg subdirectory. 


3 To update the restored database with the most current information available, run Analyze/Fix 
Databases with Contents selected, as described in Section 27.1, “Analyzing and Fixing User 
and Message Databases,” on page 385. 


32.5 Restoring Deleted Mailbox Items 


With proper planning, you can assist users in retrieving accidentally deleted items and items that 
became unavailable because of database damage. 


+ Section 32.5.1, “Setting Up a Restore Area,” on page 413 
¢ Section 32.5.2, “Restoring a User’s Mailbox Items,” on page 415 
¢ Section 32.5.3, “Letting Client Users Restore Their Own Mailbox Items,” on page 416 


32.5.1 Setting Up a Restore Area 


A restore area is only as useful as the post office data that is backed up regularly. Make sure you are 
backing up every Group Wise post office regularly, as described in Section 31.2, “Backing Up a Post 
Office,” on page 407. 


A restore area is a location you designate to hold a backup copy of a post office so that you or 
Group Wise Windows client users can access it to retrieve mailbox items that are unavailable in your 
live GroupWise system. 


To set up a restore area: 


1 In ConsoleOne, click Tools > GroupWise System Operations > Restore Area Management. 


Restore Area Directory Management 


Restore Area Directories: 
Name UNC Path 
Dev Restore Area WBD-NVVisysigwsystemidevrest 

















Description: 


= 


The Restore Area Directory Management dialog box lists any restore areas that currently exist 
in your Group Wise system. 





2 Click Create to setup a new restore area. 
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KS Edit Backup/Restore Area 


Identification | Membership | 


Name: 
| 


Description: 








Location 
UNC Path: 
| 


AppleTalk Path (optional): 








Linux Path (optional): 














3 On the Identification tab, specify a unique name for the new restore area. If desired, provide a 
lengthier description to further identify the restore area. 


4 Inthe UNC Path field, browse to and select an existing directory that you want to use as a 
restore area. 


or 


Specify the full path to a new directory, which will be created by the Target Service Agent that 
performs the restore. For more information, see Section 34.2, “Target Service Agents,” on 
page 434. 


or 


For a post office on Linux, specify the full path to an existing or new directory in the Linux 
Path field, so that the Linux POA can locate the restore area. The Linux POA cannot interpret a 
UNC path in this field. 


5 Click Membership. 


KS Edit Backup/Restore Area 


Identification Membership | 


Domain: Post Office: Object ID 


Provo1 Development 

















6 Click Add, select one or more post offices or users that need access to the new restore area, then 
click OK to add them to the membership list. 


7 When the membership list is complete, click OK to create the new restore area. 


If you display the Post Office Settings page for a post office that has a restore area assigned to 
it, you see that the Restore Area field has been filled in. 
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8 Use the backup software for your platform, as listed in Section 31.2, “Backing Up a Post 
Office,” on page 407, to restore a backup copy of the post office into the restore area. 


9 Grant the POA Read, Write, and File Scan rights to the restore area. 


10 Ifthe restore area is located on a different server from where the post office directory is located, 
provide the POA with a username and password for logging in to the remote server. 


You can provide that information using the Remote User Name and Password fields on the Post 
Office object’s Post Office Settings page, using the /user and /password startup switches, or 
using the /dn startup switch. 


If you want users to be able to retrieve individual items themselves, you can grant users Read, 
Write, and File Scan rights to the restore area. However, if the GroupWise client is unable to 
connect directly to the restore area, it requests the information from the POA, so user access 
rights are not required. 

11 Continue with Section 32.5.2, “Restoring a User’s Mailbox Items,” on page 415 or 
Section 32.5.3, “Letting Client Users Restore Their Own Mailbox Items,” on page 416 as 
needed. 


32.5.2 Restoring a User’s Mailbox Items 


After you have set up a restore area and placed a backup copy of a post office into it, you can restore 
a user’s mailbox items for the user. 
1 In ConsoleOne, browse to and select a User object for which you need to restore mailbox items. 
2 Click Tools > GroupWise Utilities > Backup/Restore Mailbox. 


The Restore tab is automatically selected for you, with the restore area and directory location 
displayed for verification. 


Backup/Restore Mailbox 


Object: Provo1 Development mpalu 
Restore Area: Dev Restore Area 
Path: JBD-NiWisys:gwsystemidevrestore 


Restore all messages for this user? 





3 Click Yes to restore the selected user’s mailbox items into his or her mailbox. 
4 Notify the user and explain the following about the restored items: 
+ The user might want to manually delete unwanted restored items. 


+ The user should file or archive the items that he or she wants within seven days. After 
seven days, unaccessed items are deleted after the amount of time allowed by existing 
auto-delete settings, as described in “Environment Options: Cleanup” on page 1057. If 
auto-deletion is not enabled, the restored items remain in the mailbox indefinitely. 
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32.5.3 Letting Client Users Restore Their Own Mailbox Items 


After you have set up a restore area and given client users access to it, users can selectively restore 
individual items into their mailboxes. This saves you the work of restoring mailbox items for users 
and it also saves users the work of deleting unwanted restored items. 


After a restore area has been set up: 


1 Inthe GroupWise client, click File > Open Backup. 
2 Browse to and select the restore area directory, then click OK. 


3 Inthe Password field, type your Group Wise password, then click OK to access the backup 
copy of your mailbox. 


4 Retrieve individual items as needed. 


The backup copy of your mailbox offers basic features such as Read, Search, and Undelete so 
that you can locate and retrieve the items you need. 


5 When you are finished restoring items to your live mailbox, click File > Open Backup again to 
remove the check mark from the Open Backup option and return to your live mailbox. 


32.6 Recovering Deleted GroupWise Accounts 


If you have a reliable backup procedure in place, as described in Chapter 31, “Backing Up 
Group Wise Databases,” on page 407, you can restore recently deleted GroupWise user and resource 
accounts. 


1 Make available a backup copy of a domain database (wpdomain . db) where the deleted 
GroupWise account still exists. 


2 In ConsoleOne, click Tools > GroupWise Utilities > Recover GroupWise Account. 


Recover GroupWise Account 


Recover GroupWise Account 


This advisor helps you recover a deleted GroupWise account 
from a backup copy of the GroupWise directory (primary domain 
database). 

© Once the account has been recovered, you can use the 

Il Backup/Restore Mailbox utility to restore the contents of the 

IA 8 mailbox from your backup system. 


Novell. 


+ (2 Backup Domain Path: 


G Account To Restore: 








Cancel Help 





3 Browse to and select the backup copy of the domain database. 
4 Select the user or resource that you need to recover the account for. 
5 Click Next. 


416 GroupWise 7 Administration Guide 


KS Recover GroupWise Account 


Additional Information 


Additional information for account: Provo2.Sales.smurphy 


Novell. 


Some of the information below will not be added to the account 
atthis time but can be added manually after the account has 
been recovered. 





Description 
(Custom Index Flag 1 a 
‘Source Post Office Finance 
‘Source Domain Waltham1 
Visibility System 
Total Mailbox tem Count 0 
User 
0 
smurphy 


4 
Last Move Modification Time Tuesday, February | 
4 » 
Save to clipboard 
< Back Cancel Help. 





6 If desired, click Save to Clipboard, paste it into a file, then save or print it. 
7 Click Next. 


Gg Recover GroupWise Account 


Summary 


The following account will be restored to the location listed: 


Novell. 


GroupWise AccountID: Provo2.Sales.smurphy 

Surname: Murphy 

Given Name: Samantha 

GroupWise File ID: ank 

GUID: 08F07740-020C-0000-B7C7-8D00C 
Visibility: 2 

eDirectory Tree: CORP_TREE 

eDirectory Context: Users.Docdey.Novell 


| 


To restore the account, click Finish. 


< Back Cancel He | 





8 Click Finish. 


10 


At this point, you have restored the user’s or resource’s GroupWise account into the 
GroupWise system. However, this does not restore ownership of resources, nor does the 
account’s mailbox contain any item at this point. 


If the restored user owned resources, manually restore the ownership, as described in 
Section 16.1, “Changing a Resource’s Owner,” on page 253 


To restore the contents of the account’s mailbox, follow the instructions in Section 32.5, 
“Restoring Deleted Mailbox Items,” on page 413. 
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Retaining User Messages 


Group Wise” enables you to retain user messages until they have been copied from message 
databases to another storage location. This means that a user cannot perform any action, such as 
emptying the mailbox Trash, that results in a message being removed from the message database 
before it has been copied. 


Message retention primarily consists of three activities: 1) not allowing users to remove messages 
until they have been retained, 2) retaining the messages by copying them from message databases to 
another location, and 3) time-stamping the retained messages so that they can be subsequently 
deleted. 


Group Wise supplies the ability to not allow users to remove messages until they’ve been retained. It 
also provides methods for message retention applications to securely access user mailboxes and 
copy messages. However, it does not provide the message retention application. You must develop 
or purchase a third-party (non-GroupWise) application that performs this service. 

+ Section 33.1, “How Message Retention Works,” on page 419 

+ Section 33.2, “Acquiring a Message Retention Application,” on page 421 


+ Section 33.3, “Enabling Message Retention,” on page 421 


33.1 How Message Retention Works 


To understand how message retention works, you need to understand what GroupWise does and 
what the message retention application does, as explained in the following sections: 


+ Section 33.1.1, “What GroupWise Does,” on page 419 
+ Section 33.1.2, “What the Message Retention Application Does,” on page 420 


33.1.1 What GroupWise Does 


During installation of the message retention application, the application uses the Group Wise Trusted 
Application API to create a trusted application record in the GroupWise system. The trusted 
application record includes a flag that designates it as a message retention application. This flag is 
surfaced through the trusted application’s Provides Message Retention Service setting in 
ConsoleOne (Tools > GroupWise System Operations > Trusted Applications > Edit). 


Figure 33-1 Edit Trusted Application Dialog Box with the Provides Message Retention Service Setting Turned On 


Edit Trusted Application 


Name: Message Retention Service 





Description: jää message retention service 


[ Requires SSL 








TCPAP Address: Z| 


Cancel Help 
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When ConsoleOne reads a trusted application record that has the Provides Message Retention 
Service setting turned on, it adds a Retention tab to the GroupWise Client Environment Options 
(Tools > GroupWise Utilities > Client Options > Environment). 


Figure 33-2 Environment Options Dialog Box with the Retention Tab Open 
Environment Options: Development 


General | Client Access Views 
File Location | Cleanup | Appearance Junk Mail 


- 5 | 


Description: 


Fiesta 





[Ex | Cancel Help 





You use this Retention tab to enable message retention at the domain, post office, or user level, 
meaning that you can enable it for all users in a domain, all users in a post office, or individual users. 


Turning on message retention alters the GroupWise client purge behavior by preventing a user from 
purging any messages from his or her mailbox that have not yet been retained. 


33.1.2 What the Message Retention Application Does 


Different message retention applications might vary slightly in their approach to retaining messages. 
This section provides a general approach to message retention. 


To determine whether or not mailbox messages have been retained, the message retention 
application adds a time stamp to the mailbox. The message retention application can use the 

Group Wise Object API or GroupWise IMAP support to write (and read) the time stamp. In addition, 
you can use the GroupWise Time Stamp Utility (page 448) to manually set the time stamp. 


The time stamp represents the most recent date and time that message retention was completed for 
the mailbox. Messages delivered after the time stamp cannot be purged until they have been 
retained. This requires that the message retention application retain items chronologically, oldest to 
newest. For example, assume a mailbox has a message retention time stamp of May 7, 2007 
12:00:00. The mailbox has three folders with a total of seven messages: 
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Figure 33-3 Three Folders with Seven Messages 


=} Folder 1 
À Message 1 May 5, 2007 10:03:00 
Message 2 May 7, 2007 15:22:00 
O Message 3 May 6, 2007 18:54:00 
CS Folder 2 

[O Message 4 May 7, 2007 8:34:00 
O Message5 May 7, 2007 16:59:00 
S- Folder 3 

O Message6 May6, 2007 14:23:00 
J Message? May 9, 2007 11:31:00 











The message retention application reads the existing time stamp (May 7, 2007 12:00:00) and selects 
atime between that time and the current time. For example, suppose the current time is May 9, 2007 
14:00:00. The message retention application could choose May 8, 2007 12:00:00 as the new time 
stamp. It would then retain any messages delivered between the existing time stamp (May 7, 2007 
12:00:00) and the new time stamp (May 8, 2007, 12:00:00). 


In the above example, messages 1, 4, and 6 are older than the existing time stamp (May 7, 2007 
12:00:00). The message retention application would not retain these messages again, assuming that 
they had already been safely retained. Messages 2 and 5 have dates that fall between the existing 
time stamp (May 7, 2007 12:00:00) and the new time stamp (May 8, 2007, 12:00:00) so they would 
be retained. Messages 3 and 7 have dates that fall after the new time stamp (May 8, 2007, 12:00:00) 
so they would not be retained until the next time the message retention application ran against the 
mailbox. 


33.2 Acguiring a Message Retention Application 


If you do not already have a message retention application to use with Group Wise, you have two 
options: 1) you can purchase an application from a GroupWise partner or 2) you can develop your 
own application. 


For information about Group Wise partners that provide message (e-mail) retention applications, see 
the Partner Product Guide (http://www.novell.com/partnerguide). 


For information about developing a message retention application, see the GroupWise Object API 
and GroupWise Trusted Application API documentation at the Novell Developer Kit Web site (http:/ 
/developer.novell.com/wiki/index.php/Category:Novell_Developer_Kit). 


33.3 Enabling Message Retention 


This section assumes that you’ve installed a message retention application as a GroupWise trusted 
application and that it is configured to provide a message retention service. If not, see Section 4.12, 
“Trusted Applications,” on page 69. 
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Message retention is not enabled until you designate the users whose messages you want retained by 
the application. You can designate users at the domain level, post office level, or individual user 
level. 


1 In ConsoleOne, right-click the domain, post office, or user for which you want to enable 
message retention, click GroupWise Utilities > Client Options to display the GroupWise Client 
Options dialog box. 


GroupWise Client Options 


Close 

9 — 
5 Hel 
Environment Send sl 


a g 


Security Date and Time 





2 Click Environment to display the Environment Options dialog box, then click the Retention tab. 


Environment Options: Development 


General | Client Access Views 
File Location | Cleanup | Appearance dunk Mail 


4 S| 





Description: 


EF 








ora | vee 





3 Turn on the Enable Message Retention Service setting. 
4 If you want to lock the setting at this level, click the Lock button. 


For example, if you lock the setting at the domain level, the setting cannot be changed for any 
post offices or users within the domain. If you lock the setting at the post office level, it cannot 
be changed individually for the post office’s users. 


This setting does not display in the GroupWise client. Therefore, there is no lock available 
when editing this setting for individual users. 


5 Click OK to save the changes. 
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Standalone Database Maintenance 
Programs 


Some aspects of GroupWise® database maintenance are performed by standalone maintenance 
programs that can be incorporated into batch files along with other system maintenance programs. 
+ Section 34.1, “GroupWise Check,” on page 423 
+ Section 34.2, “Target Service Agents,” on page 434 
+ Section 34.3, “GroupWise Time Stamp Utility,” on page 448 
+ Section 34.4, “GroupWise Database Copy Utility,” on page 455 


34.1 GroupWise Check 


Group Wise Check (GWCheck) is a tool provided for GroupWise to check and repair Group Wise 
user, message, library, and resource databases without using ConsoleOne®. In addition to checking 
post office, user, and library databases, it also checks users’ remote, caching, and archive databases. 


The GWCheck utility runs on Windows, Linux, and Macintosh. You should match the platform of 
GWCheck to the platform where the databases are located. Windows GWCheck processes databases 
on NetWare® and Windows. Linux GWCheck processes databases on Linux. Macintosh GWCheck 
processes databases on Macintosh. GWCheck should not be used to process databases that are 
located across a connection between different platforms (for example, between NetWare or 
Windows and Linux). 

+ Section 34.1.1, “GWCheck Functionality,” on page 423 

+ Section 34.1.2, “Using GWCheck on Windows,” on page 425 

+ Section 34.1.3, “Using GWCheck on Linux,” on page 426 

+ Section 34.1.4, “Using GWCheck on Macintosh,” on page 428 

+ Section 34.1.5, “Performing Mailbox/Library Maintenance Using GWCheck,” on page 429 

+ Section 34.1.6, “Executing GWCheck from a Windows Batch File,” on page 431 

+ Section 34.1.7, “Executing GWCheck from a Linux Script,” on page 432 

+ Section 34.1.8, “GWCheck Startup Switches,” on page 432 


34.1.1 GWCheck Functionality 


The GWCheck utility begins by comparing three databases. 
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Table 34-1 Three Databases That GWCheck Compares 


WPHOST.DB NGWGUARD.DB FILE SYSTEM 
The post office database 
(wphost . db) is checked for 
the file ID (FID) of the 


selected user. 


The guardian database 
(ngwguard. db) is checked to find 
out if this user database has been 
created. 


The file system for this post office is 
checked to see if the user database 
(userxxx. db) for this user exists. 


After GWCheck makes the database comparisons, it begins processing according to the databases 
selected and any inconsistencies found. 


Case 1 - Missing Entry in the Post Office Database (wphost.db) 


In this example, a contents check is run either against all users on the post office or against one user, 
“ABC.” GWCheck does not find the FID of one or more users. 


Table 34-2 Missing Entry in Wphost.db 


WPHOST.DB 
? 


No entry for this user is found in 
the post office database 
(wphost. db). 


NGWGUARD.DB 
userabc.db 


An entry is found in the guardian 
database (ngwguard. db), 
indicating that the user has been 


FILE SYSTEM 
userabc.db 


Also, a user database 
(userxxx. db) for this user is 
found in the ofuser directory. 


deleted. 


GWCheck removes the entry from ngwguard.db, deletes userabc. db and systematically 
deletes all of the user’s messages from the message databases that are not still being referenced by 
other users. If the user has been deleted, GWCheck cleans up after that user. 


WARNING: If a post office database becomes damaged so some users are unable to log in, 
GWCheck should not be run until the post office has been rebuilt. For more information, see 
Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381. 





Case 2 - Missing Entry in the Guardian Database (ngwguard.db) 


In this example, a GWCheck is run either against all users on the post office or against one user, 
“ABC.” A user’s FID is found and the user’s database is found in the post office, but the user is 
missing in ngwguard. db. 


Table 34-3 Missing Entry in Ngwguard.db 


WPHOST.DB NGWGUARD.DB FILE SYSTEM 


FID abc ? userabc.db 


The user appears in the post 
office database (wphost. db). 


The guardian database 
(ngwguard.db) shows no user 
database for this user. 


A user database (userxxx.db) for 
the user does exist in the ofuser 
directory. 
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GWCheck creates the user in ngwguard. db, using database userabc. db. Evenif 
ngwguard. db is damaged, it is unlikely that data is lost. 


Case 3 - Missing User Database (userxxx.db) 


In this example, a GWCheck is run either against all users on the post office or against one user, 
“ABC.” The user’s FID is found, as well as the user's record in ngwguard. db. However, the 
user’s database is not found. 


Table 34-4 Missing Entry in Userxxx.db 


WPHOST.DB NGWGUARD.DB FILE SYSTEM 

FID abc userabc.db ? 

The user is found in the post The user is found in the guardian No user database 

office database (wphost. db). database (ngwguard. db). (userxxx. db) is found in the 


ofuser directory. 


GWCheck takes action depending on what options are selected. 


Contents Check: GWCheck deletes all of this user’s messages from the message databases if they 
are not referenced by other users. 


Structural Rebuild: GWCheck creates a blank user database for this user. Existing messages for 
this user are ignored. 


Re-create User Database: GWCheck creates a blank user database for this user and populates it 
with messages in the message databases that have been sent to or from this user. 





WARNING: If a user database has been deleted, do not run a Contents Check until after a Structural 
Rebuild or Re-create User Database has been run for that user. For more information, see 

Section 27.2, “Performing a Structural Rebuild of a User Database,” on page 387 and Section 27.3, 
“Re-creating a User Database,” on page 388. 





34.1.2 Using GWCheck on Windows 


You can use GWCheck on any Windows NT/2000/XP workstation. 


As an administrator, you can run GWCheck for databases in any post office accessible from the 
workstation where GWCheck is installed. The GWCheck program performs all database 
maintenance itself, rather than handing off a task to the POA as ConsoleOne® would do to perform 
database maintenance. 


Depending on how GWCheck is installed, users can have a Repair Mailbox item on the GroupWise 
Windows client Tools menu that enables them to run GWCheck from the client. If the GWCheck 
program is available to users, users can perform database maintenance on their Remote, Caching, 
and archive mailboxes, which are not accessible from ConsoleOne. 


For the Repair Mailbox item to display on the GroupWise Windows client Tools menu, the 
following files must be installed in the GroupWise directory; by default, this is c:\novell\groupwise. 


* gwcheck.exe 
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+ gwchkxx.d11 (Replace xx with your language code) 


+ gwchkxx.chm (Replace xx with your language code) 


The Group Wise administrator can install these files by using SetupIP to install the GroupWise 
Windows client, and selecting to install and enable GWCheck. The default for SetupIP is to install 
GWCheck, but not enable GWCheck. The files are then copied to the 
\novell\groupwise\gwcheck directory. For additional information about SetupIP and 
GWCheck, see “[GWCheck]” on page 1090. 


If the client was installed from the installation program on the CD or the defaults are chosen for 
SetupIP, the client user needs to copy the files from the GWCheck directory 
(\novell\groupwise\gwcheck) to the main GroupWise directory 
(\novell\groupwise\). 














To run GWCheck: 
1 From the Start menu, click Run, then browse to and double-click gwcheck. exe. 


GroupWise Mailbox/Library Maintenance 7.0.1 (6/13/2006) 


Database Type Action: 
@ Post Office [Analyze/Fix Databases 





© Remote/Caching 
© Archive 


Structure 
T Index Check Jesse | 

Database Path: T Contents 
M r Benere. | 


Post Office Name: 


IV Fix problems Save... 





T Update user disk space totals 
Object Type Help 





© Post Office 


© User/Resource: 


C Library: 
Databases | Logging] Results | Misc | Exclude | 


IV User 


Options file: <default> IV Message 


T Document 








2 To view online help in GWCheck, click Help. 


3 Continue with Section 34.1.5, “Performing Mailbox/Library Maintenance Using GWCheck,” 
on page 429. 


34.1.3 Using GWCheck on Linux 


Two versions of GWCheck are available on Linux, one for a graphical user interface (GUI) 
environment and one for a text-only environment. 


+ “Using GUI GWCheck (gwcheck)” on page 426 
+ “Using Text-Based GWCheck (gwcheckt)” on page 427 


Using GUI GWCheck (gwcheck) 


You can use GUI GWCheck on any Linux workstation where you can run the Cross-Platform client. 
By default, GWCheck is installed with the client when using the Group Wise installation program. If 
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you installed the GroupWise Cross-Platform client manually from the RPM, you must install 
GWCheck manually. 


1 Change to the directory where the GWCheck RPM is located or copy it to a convenient location 
on your workstation. 


The GWCheck RPM (groupwise-gwcheck-version-mmdd.1386.rpm) is located in the / 
client and /admin directories in your GroupWise software distribution directory if it is has 
been updated or on the Group Wise 7 Administrator for Linux CD if an updated software 
distribution directory is not available. 


2 Install GWCheck. 





















































rpm -i groupwise-gwcheck-version-mmdd.i386.rpm 
3 Change to the /opt/novell/groupwise/gwcheck/bin directory. 
4 Enter . /gwcheck to start GWCheck. 
#7 Novell GroupWise Ma 
Database Type Action: 
omaamme Analyze/ Fix Databases | 
a Close 
vi Structure — 
© Caching C1 Index check Retrieve... 
[7 Contents < 
© Archive ] Colle t tic Save... 
[vi Fix problems 
[C Update user disk space totals Help 
Database Path 
Post Office Name 
Object Type 
(= Post Office 
© Users/Resourc... | Databases | Logging | Results | Misc | Exclude | 
© Libraries Mi User 
[Vi Message 
[7 Document 
Options file: <defau... 

















5 To view online help in GWCheck, click Help. 
6 Continue with Performing Mailbox/Library Maintenance Using GWCheck. 


Using Text-Based GWCheck (gwcheckt) 


You can use text-based GWCheck in any environment where the X Window System is not available, 
such as on a text-only server where a post office and its POA are located. However, you must use 
GUI GWCheck to create an options file before you can run text-based GWCheck. 


1 Installand run GUI GWCheck in a convenient location, as described in “Using GUI GWCheck 
(gwcheck)” on page 426. 


2 Select the maintenance activities that you want GWCheck to perform, as described in 
Section 34.1.5, “Performing Mailbox/Library Maintenance Using GWCheck,” on page 429. 


3 Save the settings you selected in an options file, as described in “Saving Mailbox/Library 
Maintenance Options” on page 431. 
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The default options filename is gwcheck. opt. By default, it is saved in your home directory, 
but you can select a different filename and directory as needed when you save the file. 


4 Copy the GWCheck RPM to a convenient location on the text-only server. 
5 Install GWCheck on the text-only server. 
rpm -i groupwise-gwcheck-version-mmdd.i386.rpm 


6 Copy the GWCheck options file you created in Step 3 to a convenient location on the text-only 
SETVET. 


7 Change to the /opt/novell/groupwise/gwcheck/bin directory. 
8 Enter ./gwcheckt options file to run text-based GWCheck. 


If you did not copy the options file to your home directory on the text-only server, specify the 
full path to the options file. 


Over time, a collection of options files might accumulate. To see what maintenance activities a 
specific options file performs, use ./gwcheckt options file --dump. 


34.1.4 Using GWCheck on Macintosh 


You can use GWCheck on any Macintosh workstation where you can run the Cross-Platform client. 
By default, GWCheck is installed along with the client. 


1 Ina terminal window, change to the ~/Desktop/GroupWise.app/Contents/ 
Resources/gwcheck directory. 


2 Enter . /gwcheck to start GWCheck. 





















































83 Novell GroupWise Ma 
Database Type AEA 
Post office Analyze/ Fix Databases x| 
= Close 
vi Structure 
© Caching [] Index check Retrieves, 
[7 Contents 
© Archive ] Collect statistic Save... 
[vi Fix problems 
x 7 Help 
_] Update user disk space totals = 
Database Path 
al 
Post Office Name 
Object Type 
( Past Office 
© Users/Resourc.. ( Databases | Logging | Results | Misc | Exclude | 
© Libraries i User 
[vi Message 
[7 Document 
Options file: <defau... 




















3 To view online help in GWCheck, click Help. 
4 Continue with Performing Mailbox/Library Maintenance Using GWCheck. 
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34.1.5 Performing Mailbox/Library Maintenance Using 
GWCheck 


With only a few differences in interface functionality, as described in the online help, you can 
perform the same maintenance activities in GWCheck as you can in Mailbox/Library Maintenance 
in ConsoleOne: 

+ “Using Mailbox/Library Maintenance Tab Options” on page 429 

+ “Reusing Library/Mailbox Maintenance Settings” on page 431 


Using Mailbox/Library Maintenance Tab Options 


Both GWCheck and Mailbox/Library Maintenance in ConsoleOne use tab options to control the 
checking process. 

+ “Databases” on page 429 

+ “Logging” on page 429 

+ “Results” on page 430 

+ “Misc” on page 430 

+ “Exclude” on page 430 


Databases 


To select the types of database to perform the Mailbox/Library Maintenance check on, click 
Databases. 


Figure 34-1 Databases Tab in the Mailbox/Library Maintenance Dialog Box 


Databases | Logging | Resuits | Mise | Exclude | 
User 
IV Message 


T Document 





Depending on the object type and action already selected in the main window, some database types 
might be unavailable. If all the database types are unavailable, then one or more database types have 
been preselected for you. 


You can perform an action on the following databases when the type is not unavailable: 


+ User: Checks the user databases. 
+ Message Databases: Checks the message databases. 


+ Document: Checks the library and document properties databases. 


Logging 


To specify the name of the file where you want the results of the MailBox/Library Maintenance 
check to be stored, click Logging. 
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Figure 34-2 Logging Tab in the Mailbox/Library Maintenance Dialog Box 


Databases Logging | Resutts | Misc | Exclude | 


Log File: 


I Verbose logging 





Specify a filename. By default, the file is created in the post office directory\wpcsout\ofs directory. 


Click Verbose Logging to log detailed information. Verbose logging might produce large log files 
and slow execution. 


This file is sent to the users selected on the Results tab. 


Results 


To select users to receive the results of the Mailbox/Library Maintenance check, click Results. 


Figure 34-3 Results Tab in the Mailbox/Library Maintenance Dialog Box 


Databases | Logging Results | mise | Exclude | 
Send resultsta: |V Administrator 1° Individual users 





cc: | 


Message... 





Select Administrator to send the results to the user defined as the Group Wise domain administrator. 
Select Individual Users to send each user the results that pertain to him or her. Click Message to 
include a message with the results file. 


Misc 


If you need to run a Mailbox/Library Maintenance check with special options provided by Novell? 
Support, click Misc. 


Figure 34-4 Misc. Tab in the Mailbox/Library Maintenance Dialog Box 


Databases | Logging | Results Misc | Exciude | 


Support options: 








Use the Support Options field to specify command line parameters. Support options are typically 
obtained from Novell Support representatives when you need assistance resolving specific database 
problems. Search the Novell Support Knowledgebase (http://www.novell.com/support) for TIDs 
and Support Pack Readmes that list support options. Make sure that you clearly understand what the 
Support options do before you use them. 


Exclude 


If you want to exclude certain users in the selected post office from having the Mailbox/Library 
Maintenance check performed on their databases, click Exclude. 
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Figure 34-5 Exclude Tab in the Mailbox/Library Maintenance Dialog Box 


Databases | Logging | Results | Misc Exclude | 











Click Add, select one or more users to exclude, then click OK. 


Reusing Library/Mailbox Maintenance Settings 


For convenience, you can store the options you select in Mailbox/Library Maintenance and 
GWCheck so that you can retrieve them for later use. 

+ “Saving Mailbox/Library Maintenance Options” on page 431 

+ “Retrieving Mailbox/Library Maintenance Options” on page 431 


Saving Mailbox/Library Maintenance Options 
1 After you have selected all of the options in the Mailbox/Library Maintenance dialog box, click 
Save. 
2 Browse to the directory where you want to save the options file. 
3 Specify a filename if you do not want to use the default of gwcheck . opt. 
4 Click Save. 


Retrieving Mailbox/Library Maintenance Options 


1 Inthe Mailbox/Library Maintenance dialog box, click Retrieve. 
2 Browse to and select your saved options file. 
3 Click Open. 


34.1.6 Executing GWCheck from a Windows Batch File 


The GWCheck program is located in the \admin\utilities\gwcheck directory in your 
GroupWise software distribution directory if'it has been updated or on the GroupWise 7 
Administrator for NetWare/Windows CD ifan updated software distribution directory is not 
available. It might also be installed along with the GroupWise client software in the gwcheck 
subdirectory of the client installation directory. 


1 Use the following syntax in a batch file for running GWCheck: 
gwcheck /opt-options file /batch 


If you want to include the path to an archive database, use the /pa switch. 


2 To create an options file, see “Saving Mailbox/Library Maintenance Options” on page 431. 
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34.1.7 Executing GWCheck from a Linux Script 


The GWCheck program is located in the /admin directory in your GroupWise software 
distribution directory if it has been updated or on the GroupWise 7 Administrator for Linux CD if an 
updated software distribution directory is not available. 


1 Make sure that GWCheck has been installed, as described in Section 34.1.3, “Using GWCheck 
on Linux,” on page 426 


2 Create a script to execute GWCheck using the following syntax: 


/opt/novell/groupwise/gwcheck/bin/gwcheck --opt options file 
--batch 


If you did not create the options file in your home directory, specify the full path to the options 
file. 


If you want to include the path to an archive database, use the --pa switch. 


3 To create an options file, see “Saving Mailbox/Library Maintenance Options” on page 431. 


34.1.8 GWCheck Startup Switches 


The following startup switches can be used with GWCheck: 


Linux GWCheck Windows GWCheck 
--batch /batch 

--lang Nang 

--opt /opt 

--pa /pa 

--pr /pr 

/batch 


Indicates that you want to run GWCheck without a user interface. Because you do not provide the 
desired options from the interface, you must provide an options file. 


Linux GWCheck Windows GWCheck 


Syntax: --batch /batch 
For example, to specify that you want GWCheck to run in batch mode, you would use: 


Linux: ./gwcheck --opt gwcheck.opt --batch 


Windows: gwcheck /opt-gwcheck.opt /batch 
Ilang 


Specifies the language to run GWCheck in, using a two-letter language code as listed below. You 
must install GWCheck in the selected language in order for it to display in the selected language. 
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Linux GWCheck Windows GWCheck 


Syntax: --lang code lang code 


The table below lists the valid language codes. Contact your local Novell sales office for 
information about language availability. 


Language ro aid Language a page 
Arabic AR Hungarian MA 
Chinese-Simplified CS Italian IT 
Chinese-Traditional CT Japanese NI 
Czechoslovakian CZ Korean KR 
Danish DK Norwegian NO 
Dutch NL Polish PL 
English-United States US Portuguese-Brazil BR 
Finnish SU Russian RU 
French-France FR Spanish ES 
German-Germany DE Swedish SV 
Hebrew HE 


For example, to specify that you want GWCheck to run in Spanish, you would use: 


Linux: ./gwcheck --opt gwcheck.opt --lang es 


Windows: gwcheck /opt-gwcheck.opt /lang-es 


lopt 


Specifies a database maintenance options file created in a GWCheck session. This starts GWCheck 
with the same options settings as the session in which the options file was created. Ifthe options file 
is located in the same directory as the GWCheck program, you can specify just the filename. If it is 
in a different directory, you must specify the full pathname. 


Linux GWCheck Windows GWCheck 


Syntax: --opt file /opt-file 
For example, to start GWCheck with saved settings, you would use: 


Linux: -/gwcheck --opt gwcheck.opt 
./gwcheck --opt /gwsystem/post1/gwcheck.opt 
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Windows: gwcheck /opt-gwcheck.opt 
gwcheck /opt-\gwsystem\posti\gwcheck.opt 
Ipa 


Specifies the path to an archive mailbox. 


Linux GWCheck Windows GWCheck 
Syntax: --pa path /pa-path 
For example, to specify the archive mailbox that a user keeps is his or her home directory, you 
would use: 


Linux: ./gwcheck --opt gwcheck.opt --pa /home/gsmith\of7bharc 


Windows: gwcheck /opt-gwcheck.opt /pa-\home\gsmith\of7bharc 


lpr 


Specifies the path to a Remote mailbox. 


Linux GWCheck Windows GWCheck 


Syntax: --pr path /pr-path 


For example, to specify the Remote mailbox that a user keeps on a computer at home, you would 
use: 


Linux: ./gwcheck --opt gwcheck.opt --pr /novell/groupwise\of7bharc 


Windows: gwcheck /opt-gwcheck.opt /pa-\novell\groupwise\of7bharc 


34.2 Target Service Agents 


A Target Service Agent (TSA) helps generic backup software back up specialized data located on 
any “target.” A target is a specific location where data is stored, such as a NetWare® file system, a 
Linux file system, an eDirectory™ database, or a collection of Group Wise databases. A target could 
also be an application that provides data to be backed up. A TSA is specialized to scan, read, and 
write the specific types of data available at the target. A TSA serves as an intermediary between 
specific data types and a general backup engine. 


+ GroupWise Target Service Agent (GWTSA) has long been included with GroupWise and 
must be used to back up GroupWise data stored on NetWare 5.1 servers. It is specialized to 
back up specific GroupWise data types, such as domains and post offices. 


+ GroupWise Target Service Agent for File Systems (TSAFSGW) is available on NetWare 
6.x (but not on earlier versions of NetWare) and on Linux. It builds on the capabilities of the 
standard Target Service Agent for File Systems (TSAFS) to provide more robust GroupWise 
backup capabilities. 
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Select the Target Service Agent appropriate for your operating system: 


+ Section 34.2.1, “GroupWise Target Service Agent (GWTSA) for NetWare 5.1,” on page 435 


+ Section 34.2.2, “GroupWise Target Service Agent for File Systems (TSAFSGW) for NetWare 
6.x/OES and Linux,” on page 439 


34.2.1 GroupWise Target Service Agent (GWTSA) for NetWare 
5.1 


The GroupWise Target Service Agent (GWTSA) provides reliable backups of a running GroupWise 
system on NetWare 5.1 by successfully backing up open files and locked files, rather than skipping 
them. 

+ “GWTSA Functionality” on page 435 

+ “Running GWTSA” on page 436 

+ “GWTSA Startup Switches” on page 438 





IMPORTANT: Unless you are running GroupWise on NetWare 5.1, do not use GWTSA. Use 
TSAFS and TSAFSGW for superior performance. 


GWTSA Functionality 


The GroupWise Target Service Agent (GWTSA) works with other backup software on NetWare. 
For a complete and current list of compatible backup software, use the Partner Product Guide (http:/ 
/www.novell.com/partnerguide). 


GWTSA has no user interface of its own, but its presence running along with other backup software 
provides GroupWise options in the backup software that would not otherwise be available. As a 
Target Service Agent, GWTSA supports any feature that your backup software supports. So if your 
backup software supports full, incremental, and differential backups or working set and copy jobs, 
so does GWTSA. 


GWTSA backs up standard GroupWise directories and files; extra directories and files that appear 
within a standard GroupWise directory structure are not backed up by GWTSA. The table below 
lists the directories and files that are backed up by GWTSA. 


Table 34-5 Files and Directories Backed Up by GWTSA 


GroupWise Directories Subdirectories/Files 
Location Backed Up 


Domain domain directory wpdomain.db 
wpdomain.dc 
wphost.dc 
gwdom.dc 
gwpo.dc 
mtaname 


domain directory\wpgate async 
gwia 
webac70a 
etc. 


Standalone Database Maintenance Programs 


435 


GroupWise Subdirectories/Files 


Location Directories Backed Up 
Post Office post_office_directory wphost.db 
ngwguard.db 
ngwguard.dc 
ngwguard.rfl 
ngwguard.fbk 
ngwcheck.db 
ngwcheck.log 
gwpo.dc 
post office directory\gwdms dmsh.db 
post office directory\gwdms\library direc *.db 
tory archive\*.* 
docs\*.* 
post office directory\offiles Fu 
post office directory\ofmsg Es 
post office directory\ofmsg\guardbak ngwguard. fbk 
post_office directory\ofuser userxxx.db 
post office directory\ofuser\index *.idx 
* int 
post office directory\ofviews\win *.vew 
*.ini 
Library library directory *.db 
(Document archive\*.* 
Storage Area) docs\*.* 


To see directory structure diagrams showing where the files are located, see “Domain Directory” 
and “Post Office Directory” in GroupWise 7 Troubleshooting 3: Message Flow and Directory 
Structure. 


GWTSA automatically time-stamps all backed-up user databases (userxxx. db), so that the Allow 
Purge of Items Not Backed Up option described in “Environment Options: Cleanup” on page 1057 
can function to safeguard users’ deleted items against being purged from your GroupWise system 
before they have been backed up. 





IMPORTANT: If you decide not to use GWTSA, user databases must be time-stamped as a 
separate process in order for the purge control environment option to work properly. For 
instructions, see Section 34.3, “GroupWise Time Stamp Utility,” on page 448. 





Running GWTSA 


GWTSA should be used on NetWare 5.1 only. The gwtsa.n1m program file is automatically 
installed along with the GroupWise agents (POA and MTA). 


During agent installation, a gwtsa.ncf file is created in the directory where you installed the 
agents. By default, it loads gwtsa.n1m and provides a /home switch for each domain and post 
office you selected to be serviced by the MTA and POA. For example: 
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Syntax: 


load sys:\system\gwtsa /home-domain directory 
/home-post office directory 


Example: 


load sys:\system\gwtsa /home-sys:\gwsystem\provol 
/home-sys:\gwsystem\dev 





NOTE: The example is formatted for readability. In the gwtsa.ncf file, the command is a single 
line of text. 





You can add additional instances of the /home switch to back up more domains and post offices. 


Syntax: 
load sys:\system\gwtsa /home-domain directory 
/home-domain directory 
/home-post office directory 
/home-post office directory 
/home-post office directory 


Example: 
load sys:\system\gwtsa /home-sys:\gwsystem\provol 
/home-sys:\gwsystem\provo2 
/home-sys: \gwsystem\dev 
/home-sys:\gwsystem\sales 
/home-sys:\gwsystem\research 








NOTE: The example is formatted for readability. In the gwtsa.ncf file, the command is a single 
line of text. 





You can also add instances of the /home switch to point to restore areas for post offices or to other 
temporary locations where you want to restore data. 


By default, GWTSA places temporary files in the sys: \system\temp directory during the 
backup process. This minimizes the time that the backup process locks the live GroupWise 
databases so that the GroupWise agents continue to run smoothly during the backup. If necessary, 
use the /tempdir switch to specify an alternate location where more disk space is available for 
temporary files. Additional configuration of GWTSA can be done using other startup switches. See 
“GWTSA Startup Switches” on page 438 for a complete list. 


To start GWTSA immediately: 
1 Run the gwtsa.ncf file at the NetWare server console. 
To start GWTSA automatically each time you restart the server: 
1 Adda gwtsa.ncf line to the autoexec.ncf file. 


With GWTSA running, you are ready to back up GroupWise data with Novell Storage Management 
Services™ (SMS), as described in Backup and Restore Services (Storage Management Services) on 
the NetWare 5.1 Documentation Web site (http://www.novell.com/documentation/nw51), and 
compatible backup software, as listed in the Partner Product Guide (http://www.novell.com/ 
partnerguide). 
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Backing Up Remote Domains and Post Offices 

If the domains and post offices to back up are located on a different server from where the 
GroupWise agents run, you must copy GWTSA (gwtsa.n1m), along with the GroupWise agent 
engine (gwenn5.n1m), to the server where the data resides and run it there. 


GWTSA Startup Switches 
The following startup switches can be used with GWTSA: 


/home 
oil 

/log 
/tempdir 
/vserver 


/home 


Specifies the GroupWise location to back up or restore to. Multiple instances of the /home switch 
are typical. Use a /home switch for each domain and post office to back up. Also use a /home switch 
for each post office restore area and any other temporary location to which you want to restore 
Group Wise data outside the standard Group Wise directory structure. 


Example: 
/home-sys:\gwsystem\dev 


MN 


Sets the log level to determine how much information is written to GWTSA log file. Use n for 
Normal and v for Verbose. 


Example: 
/Il-v 


/log 


Turns on logging and displays a logging screen. By default, logging is turned off. When you turn 
logging on, a gwtsa.log file is created in the sys: \system\tsa directory. 


Example: 
/log 


/tempdir 


Specifies where GWTSA places its temporary files during the backup process. The default is the 
sys:\system\tsa\temp directory. 


Example: 
/tempdir-vol1:\temp 


/vserver 


Specifies the name of a virtual server in a NetWare cluster. See “Backing Up a GroupWise System in 
a NetWare Cluster” in “Novell Cluster Services on NetWare” in the GroupWise 7 Interoperability 
Guide. 


438 GroupWise 7 Administration Guide 


34.2.2 GroupWise Target Service Agent for File Systems 
(TSAFSGW) for NetWare 6.x/OES and Linux 


The GroupWise Target Service Agent for File Systems (TSAFSGW) builds on the standard 
capabilities of the Target Service Agent for File Systems (TSAFS) to provide robust GroupWise 
backup capabilities. It functions like a GroupWise-specific translator between the standard 
capabilities of TSAFS and the standard capabilities of your backup software of choice. 

+ “System Requirements” on page 439 

+ “TSAFS Functionality” on page 439 

+ “TSAFSGW Functionality” on page 440 

+ “NetWare: Running TSAFS and TSAFSGW” on page 441 

+ “Linux: Running TSAFS and TSAFSGW” on page 444 

+ “TSAFSGW Startup Switches” on page 447 


System Requirements 


TSAFS and TSAFSGW are available on NetWare 6.x and Novell Open Enterprise Server (OES) 
NetWare. They are also available with the Storage Management Services (SMS) package on SUSE® 
Linux Enterprise Server (SLES) 9 and OES Linux. 


TSAFS Functionality 


The latest version of Target Service Agent for File Systems (TSAFS) includes enhancements that 
earlier versions of TSAFS did not include: 


¢ Supports GroupWise database lock/backup/unlock functionality so that you can back up a 
running Group Wise system 


+ Provides time stamping of GroupWise 6.5.3 and later user databases (userxxx.db), so that 
the Allow Purge of Items Not Backed Up option described in “Environment Options: Cleanup” 
on page 1057 can function to safeguard users’ deleted items against being purged from your 
Group Wise system before they have been backed up 





IMPORTANT: If you decide not to use TSAFS, user databases must be time-stamped as a 
separate process after you run your backups in order for the Allow Purge of Items Not Backed 
Up option described in Section , “Environment Options: Cleanup,” on page 1057 to work 
properly. For instructions, see Section 34.3, “GroupWise Time Stamp Utility,” on page 448. 





+ Supports backups of clustered servers so that the backup job continues on failover 
+ Uses a read-ahead, data caching mechanism to improve backup performance 
Make sure you have the latest version of TSAFS for your operating system. 
NetWare: The latest version of TSAFS ships with NetWare and its Support Packs. Updates to SMS 
and TSAFS that occur between NetWare Support Packs can be downloaded from the 


Novell Support Web site (http://www.novell.com/support/supportcentral). Search for 
tsa5up??.exe to find the latest version. 


Linux: The latest version of TSAFS ships with OES Linux and GroupWise 7.x. 


Standalone Database Maintenance Programs 439 


For complete details about TSAFS on NetWare and Linux, see the Storage Management Services 
Administration Guide on the Novell Open Enterprise Server Documentation Web site (http:// 
www.novell.com/documentation/oes). You can use TSAFS as it ships with your operating system to 
back up GroupWise data, or you can enhance its functionality by using TSAFSGW along with it. 


TSAFSGW Functionality 


TSAFS for GroupWise (TSAFSGW) works with TSAFS and other backup software on NetWare 
and Linux. For a complete and current list of compatible backup software, use the Partner Product 
Guide (http://www.novell.com/partnerguide). 


Like TSAFS, TSAFSGW has no user interface of its own, but its presence running along with other 
backup software provides GroupWise options in the backup software that would not otherwise be 
available. As a Target Service Agent, TSAFSGW supports any feature that your backup software 
supports. So if your backup software supports full, incremental, and differential backups or working 
set and copy jobs, so does TSAFSGW. If TSAFS is not already running when you start TSAFSGW, 
TSAFSGW starts it for you. 


TSAFSGW backs up all directories and files at the locations you specify using the /home switch 
when you start TSAFSGW. The table below lists the standard Group Wise directories and files that 
you want to have backed up by TSAFSGW. 


Table 34-6 Files and Directories Backed Up by TSAFSGW 


GroupWise Directories Subdirectories/Files 
Location Backed Up 


Domain domain directory wpdomain.db 
wpdomain.dc 
wphost.dc 
gwdom.dc 
gwpo.dc 
mtaname 


domain directory\wpgate async 
gwia 
webac70a 
etc: 
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GroupWise Directories Subdirectories/Files 
Location Backed Up 


Post Office post_office_directory wphost.db 
ngwguard.db 
ngwguard.dc 
ngwguard.rfl 
ngwguard.fbk 
ngwcheck.db 
ngwcheck.log 


gwpo.dc 
post office directory\gwdms dmsh.db 
post office directory\gwdms\ *.db 
library directory archive\*.* 
docs\*.* 
post office directory\offiles Rux 
post office directory\ofmsg Ku 
post office directory\ofmsg\guardbak ngwguard.fbk 
post_office directory\ofuser userxxx.db 
post office directory\ofuser\index *.idx 
*.inc 
post office directory\ofviews\win *.vew 
*.ini 
Library library directory *.db 
(Document archive\*.* 
Storage Area) docs\*.* 


To see directory structure diagrams showing where the files are located, see “Domain Directory” 
and “Post Office Directory” in GroupWise 7 Troubleshooting 3: Message Flow and Directory 
Structure. 


To to keep unnecessary files from being backed up, you should configure your backup software to 
exclude the following file types from the backup: 


+ Agent log files (for example, ????mta.??? to exclude files such as 0518mta.001 and 
2??? ?poa.??? to exclude files such as 0518poa. 001) 


+ Timing files used by the Internet Agent (proc and pulse.tmp) 


+ Attachments that are being written during the backup (locked files under the of files 
directory in the post office cannot be excluded but error messages generated by them can be 
ignored) 


NetWare: Running TSAFS and TSAFSGW 


+ “Running TSAFS on NetWare” on page 441 
+ “Running TSAFSGW on NetWare” on page 442 


Running TSAFS on NetWare 


To run TSAFS with GroupWise functionality: 
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1 At your NetWare server console, unload TSAFS. 


2 Use the following command to start TSAFS with Group Wise functionality: 
load tsafs /EnableGW=True 





The switch setting is saved in a configuration file (sys: \etc\sms\tsa.cfqg), so that you 
do not need to include the switch when you load tsafs.nlm in the future. 

If you need to run TSAFS without GroupWise functionality in the future, unload TSAFS, then 
reload using: 

load tsafs /EnableGW=False 





3 To verify that TSAFS is running with GroupWise functionality, use the following command: 
tsafs 


4 Scroll down to the /EnableGW entry and look for a value of True. 


5 Ifyou want to start TSAFS automatically each time you restart the server, load tsafs.nlmin 
the autoexec.ncf file. 





NOTE: Starting with NetWare 6.5 Support Pack 4, Group Wise functionality is always enabled 
and you do not need to use the /EnableGW switch. 


6 Continue with “Running TSAFSGW on NetWare” on page 442. 


Running TSAFSGW on NetWare 


The tsafsgw.nlm program file is automatically installed along with the Group Wise agents (POA 
and MTA). During agent installation, a tsa fsgw .ncf file is created in the directory where you 
installed the agents. By default, it loads tsafsgw.n1m and provides a /home switch for each 
domain and post office you selected to be serviced by the MTA and POA. For example: 


Syntax: 


load sys:\system\tsafsgw /home-domain directory 
/home-post office directory 


Example: 


load sys:\system\tsafsgw /home-sys:\gwsystem\provol 
/home-sys:\gwsystem\dev 





NOTE: The example is formatted for readability. In the tsafsgw.ncf file, the command is a 
single line of text. 





You can add additional instances of the /home switch to back up more domains and post offices. 


Syntax: 
load sys:\system\tsafsgw /home-domain directory 
/home-domain directory 
/home-post office directory 
/home-post office directory 
/home-post office directory 


Example: 
load sys:\system\tsafsgw /home-sys:\gwsystem\provol 
/home-sys:\gwsystem\provo2 

/home-sys:\gwsystem\dev 
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/home-sys:\gwsystem\sales 
/home-sys:\gwsystem\research 





NOTE: The example is formatted for readability. In the tsafsgw.ncf file, the command is a 
single line of text. 





For each /home switch that specifies a Group Wise domain or post office directory, TSAFSGW can 
determine what types of GroupWise objects are available at that location. TSAFSGW recognizes 
four Group Wise object types: 


+ Domain [DOM] 

+ Post office [PO] 

¢ Library [DMS] (for “document management services”) 

+ Remote document storage area [BLB] (for “blob,” meaning a compressed document file) 
For example, if you provide a /home switch pointing to a directory that contains a post office named 
Development, and if this post office has two libraries named Design (located in the 1160001 
subdirectory of the post office) and Training (located in the 1160002 subdirectory of the post 
office), and if the libraries store documents in storage areas at \gwdms\design store and 


\gwdms\training store, TSAFSGW can provide the following list of directory names to 
your backup program for display: 


[PO] development 
[DMS] 1160001 

[BLB] design store 
[DMS] 1160002 

[BLB] training store 





You can then easily select what you want to back up. 


You can also add instances of the /home switch to point to restore areas for post offices or to other 
temporary locations where you want to restore data. 


By default, TS AFSGW copies each database to back up into the sys: \system\tsa\temp 
directory during the backup process. Because it takes less time to copy each database than it does to 
transfer it to the backup medium, this procedure minimizes the time that the backup process locks 
each live Group Wise database. Therefore, the Group Wise agents can continue to run smoothly 
during the backup. If necessary, use the /tempdir switch to specify an alternate location where more 
disk space is available. You need sufficient disk space to accommodate the largest database, but not 
the entire domain or post office. 


To start TSAFSGW immediately: 
1 Runthe tsafsgw.ncf file at the NetWare server console. 
To start TSAFSGW automatically each time you restart the server: 
1 Addatsafsgw.ncf line to the autoexec.ncf file. 


With TSAFSGW running, you are ready to back up GroupWise data with Novell Storage 
Management Services (SMS), as described in Storage Management Services Administration Guide 
on the Novell Open Enterprise Server Documentation Web site (http://www.novell.com/ 
documentation/oes), and compatible backup software, as listed in Partner Product Guide (http:// 
www.novell.com/partnerguide). 
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Backing up Remote Domains and Post Offices 


If the domains and post offices to back up are located on a different server from where the 
Group Wise agents run, you must copy TSAFSGW (tsafsgw.n1m), along with the GroupWise 
agent engine (gwenn5 .n1m), to the server where the data resides and run it there. 


Linux: Running TSAFS and TSAFSGW 


+ “Running TSAFS on Linux” on page 444 
+ “Running TSAFSGW on Linux” on page 445 


Running TSAFS on Linux 
TSAFS might already be available on your Linux server. 
+ Ifyou are running OES Linux, TSAFS was installed along with the novell-sms package 
when you installed OES Linux. 


+ Ifyou are running SLES 9, you can copy the novell-sms RPM from the agents/linux 
directory of the GroupWise 7 Administrator for Linux CD or from the GroupWise software 
distribution directory to the server where you want to set up backups, then use the following 
command to install it on SLES 9: 
rpm -ivh novell-sms-1.0.0-nn.1586.rpm 
After the novel 1-sms package is installed, use the following command to start the smdr 
daemon: 

/etc/init.d/novell-smdrd start 
To verify that the daemon is running, use the following command: 
/opt/novell/sms/bin/smsconfig -t 


When you install the novell-sms package, your system is configured to start the smdr 
daemon automatically each time your system restarts. 


To run TSAFS with GroupWise functionality: 


1 Make sure you are logged in as root. 


2 Change to the directory where the SMS executables are located. 
cd /opt/novell/sms/bin 


3 Stop TSAFS. 
./smsconfig -u tsafs 


4 Start TSAFS with GroupWise functionality. 
./smsconfig -l tsafs --EnableGW 





5 To verify that TSAFS is running with GroupWise functionality, use: 
./smsconfig -t 


Results should include: 


The loaded TSAs are: 
tsafs --EnableGW 








NOTE: On the latest version of Novell Open Enterprise Server, GroupWise functionality is 
always enabled and you do not need to use the --EnableGW switch. 





6 To make GroupWise functionality the default, modify the SMS configuration file: 
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Ga Change to the directory where the SMS configuration file is located. 


cd /etc/opt/novell/sms 


6b Ina text editor, open the smdrd. conf file. 


6c Change the following line: 


autoload: tsafs 


to: 





autoload: tsafs --EnableGW 


6d Save the file and exit. 


7 Continue with Running TSAFSGW on Linux. 


Running TSAFSGW on Linux 


Because TSAFSGW depends on SMS, you use the snsconfig command in the /opt/novell/ 
sms/bin directory, along with one or more --home switches, to specify the domains and post 


offices to back up. 


1 Make sure you are logged in as root. 


2 Change to the directory where the SMS executables are located: 


cd /opt/novell/sms/bin 


3 Use the following command to specify GroupWise locations to back up: 


Syntax: 
./smsconfig -1 tsafsgw --home 
--home 
Example: 


./smsconfig -l tsafsgw --home 
--home 


/domain directory 
/post office directory 


/gwsystem/provol 
/gwsystem/dev 





NOTE: The example is formatted for readability. The command is a single line of text. 


You can add additional instances of the --home switch to back up more domains and post 


offices. 
Syntax: 
./smsconfig -l tsafsgw --home 
--home 
--home 
--home 
--home 
Example: 
./smsconfig -l tsafsgw --home 
--home 
--home 
--home 
--home 





/domain directory 
/domain directory 
/post office directory 
/post office directory 
/post office directory 


/gwsystem/provol 
/gwsystem/provo2 
/gwsystem/dev 
/gwsystem/sales 
/gwsystem/research 





NOTE: The example is formatted for readability. The command is a single line of text. 
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For each --home switch that specifies a Group Wise domain or post office directory, TSAFSGW 
can determine what types of GroupWise objects are available at that location. TSAFSGW 
recognizes four Group Wise object types: 

+ Domain [DOM] 

+ Post office [PO] 

+ Library [DMS] (for “document management services”) 

+ Remote document storage area [BLB] (for “blob,” meaning a compressed document file) 
For example, if you provide a --home switch pointing to a directory that contains a post office 
named Development, and if this post office has two libraries named Design (located in the 
1ib0001 subdirectory of the post office) and Training (located in the 1160002 subdirectory 
of the post office), and if the libraries store documents in storage areas at /gwdms / 
design store and /gwdms/training store, TSAFSGW can provide the following 
list to your backup program for display: 

[PO] Development 











[DMS] LIBOOO1 

[BLB] DESIGN STORE 
[DMS] LIB0002 

[BLB] TRAINING STORE 














NOTE: For libraries and document storage areas, TSAFSGW provides the directory name 
rather than the object name. 





You canthen easily select what you want to back up. 


You can also add instances of the --home switch to point to restore areas for post offices or to 
other temporary locations where you want to restore data. 


By default, TSAFSGW places each database to back up in the /tmp directory during the 
backup process. Because it takes less time to copy each database than it does to transfer it to the 
backup medium, this procedure minimizes the time that the backup process locks each live 
Group Wise database. Therefore, the GroupWise agents continue to run smoothly during the 
backup. If necessary, use the --tempdir switch to specify an alternate location where more disk 
space is available. You need sufficient disk space to accommodate the largest database, but not 
the entire domain or post office. 


4 To verify what TSAs are currently running, use the following command: 
./smsconfig -t 


Results should include: 


The loaded TSAs are: 
tsafs --EnableGW 
tsafsgw --home /domain directory --home /post office directory 





5 To establish the specified Group Wise locations as defaults for automatic backups in the future, 
modify the SMS configuration file: 


Sa Change to the directory where the SMS configuration file is located. 
cd /etc/opt/novell/sms 


5b Ina text editor, open the smdrd.conf file. 


5c Locate the following line: 
autoload: tsafs --EnableGW 


5d Add another line beneath it for TSAFSGW: 
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autoload: tsafsgw --home /domain directory 
--home /post office directory 





NOTE: The example is formatted for readability. The entry is a single line oftext. 





5e Save the file and exit. 


With TSAFSGW running, you are ready to back up GroupWise data with Novell Storage 
Management Services (SMS), as described in Storage Management Services Administration Guide 
on the Novell Open Enterprise Server Documentation Web site (http://www.novell.com/ 
documentation/oes), and compatible backup software, as listed in Partner Product Guide (http:// 
www.novell.com/partnerguide). 


Backing Up Remote Domains and Post Offices 

If the domains and post offices to back up are located on a different server from where the agents 
are installed, that target server must meet the following requirements in order for successful backups 
to take place: 


* The novell-sms package must be installed and running on the target server, as described in 
Section , “Running TSAFS on Linux,” on page 444. 


+ Thelibtsafsgw.so.version number file that is installed with the agents to /opt / 
novell/groupwise/agents/lib must be copied to /opt/novel1/1ib on the target 
server. 


+ A symbolic link must be created from libtsafsgw.so to 
libtsafsgw.so.version number on the target server. You can use the following 
command in the /opt /novell/lib directory to create the symbolic link: 


ln -s libtsafsgw.so.version number libtsafsgw.so 


After these requirements are met on the target server where a domain or post office is located but no 
agents are installed, you can follow the instructions in “Running TSAFSGW on Linux” on page 445 
to back up the domain or post office. 


TSAFSGW Startup Switches 


The following startup switches can be used with TSAFSGW on NetWare and Linux: 


NetWare TSAFSGW Linux TSAFSGW 
/home --home 
/tempdir --tempdir 


To tune backup performance, use the startup switches provided for TSAFS as described in Storage 
Management Services Administration Guide on the Novell Open Enterprise Server Documentation 
Web site (http://www.novell.com/documentation/oes). 


Ihome 


Specifies the Group Wise location to back up or restore to. Multiple instances of the /home switch 
are typical. Use a /home switch for each domain and post office to back up. Also use a /home switch 
for each post office restore area and any other temporary location to which you want to restore 
GroupWise data outside the standard GroupWise directory structure. 
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NetWare TSAFSGW Linux TSAFSGW 


Syntax: /home- path --home path 
For example, to back up a domain and a post office, you would use: 


NetWare /home-sys:\gwsystem\provol /home-sys: \gwsystem\dev 


Linux --home /gwsystem/provol --home /gwsystem/dev 


Itempdir 


Specifies where TSAFSGW places files during the backup process. You need sufficient disk space 
to accommodate the largest database, but not the entire domain or post office. The default locations 
are platform specific: 


NetWare: sys:\system\tsa\temp 


Linux: /tmp 


NetWare TSAFSGW Linux TSAFSGW 


Syntax: /tempdir- path --tempdir path 
For example, to change the temporary directory, you would use: 


NetWare: /tempdir-voll:\temp 


Linux: --tempdir /gw/temp 


34.3 GroupWise Time Stamp Utility 


You can use the GroupWise Time Stamp (GWTMSTMP) utility to ensure that GroupWise user 
databases include the dates when they were last backed up, restored, and retained. 


The following sections provide information about the utility: 
+ Section 34.3.1, “GWTMSTMP Functionality,” on page 449 
+ Section 34.3.2, “Running GWTMSTMP on NetWare,” on page 449 
¢ Section 34.3.3, “Running GWTMSTMP on Linux,” on page 450 
+ Section 34.3.4, “Running GWTMSTMP on Windows,” on page 450 
+ Section 34.3.5, “GWTMSTMP Startup Switches,” on page 451 
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34.3.1 GWTMSTMP Functionality 


GWTMSTMP places date and time information on user databases (userxxx. db) in order to 
support message backup, restore, and retention. No other databases are affected. You can run 
GWTMSTMP on all user databases in a post office or on a single user database. 


Backup 


To ensure thorough user database backups, you can make sure that deleted items are not purged from 
users’ databases until they have been backed up. Two conditions must be met in order to provide this 
level of protection against loss of deleted items: 


+ The Allow Purge of Items Not Backed Up option must be deselected in ConsoleOne, as 
described in “Environment Options: Cleanup” on page 1057. 


+ User databases (userxxx.db) must be time-stamped every time a backup is performed so 
that items can be purged only after being backed up. 


If you use GWTSA on NetWare 5.1 or TSAFS on NetWare 6.x/OES or Linux to back up user 
databases, the backup time stamp is automatically added as part of the backup process. However, if 
you do not use GWTSA or TSAFS, you must use GWTMSTMP to make sure that user databases are 
time-stamped so that items will not be prematurely purged. 


Restore 


If you use the GWTSA on NetWare 5.1 or TSAFS on NetWare 6.x/OES or Linux to restore a 
mailbox, the restore time stamp is automatically added as part of the restore process. However, if 
you do not use GWTSA or TSAFS, you can use GWTMSTMP to add the restore time stamp to the 
database. The restore time stamp is not required for any GroupWise feature to work properly. Its 
primary purpose is informational. 


Retention 


If you use a message retention application (see Chapter 33, “Retaining User Messages,” on 

page 419), the application should automatically add the retention time stamp after retaining the 
database’s messages. Any messages with dates that are newer than the retention time stamp cannot 
be purged from the database. 


You can also use GWTMSTMP to manually add a retention time stamp. 


34.3.2 Running GWTMSTMP on NetWare 


The GWTMSTMP program (gwtmstmp .n1m) is installed into the same directory where you 
installed the GroupWise agents (POA and MTA). You can copy it to additional locations if needed. 


To check the existing time stamp on all GroupWise user databases in a post office, use the following 
command: 


Syntax: 
gwtmstmp.nlm /p-volume:Xpost office directory 


Example: 
gwtmstmp.nlm /p-sys:\gwsystem\dev 
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The results are written to the console.log file. 
To set a current time stamp on all user databases in a post office, use the following command: 


Syntax: 


gwtmstmp.nlm /p-volume:Xpost office directory /set 


Example: 
gwtmstmp.nlm /p-sys:\gwsystem\dev /set 


A basic backup time stamp can also be set in ConsoleOne. Select a Post Office object, then click 
Tools > GroupWise Utilities > Backup/Restore Mailbox. On the Backup tab, select Backup, then 
click Yes. 


More specialized functionality is provided through additional GWTMSTMP startup switches. See 
Section 34.3.5, “GWTMSTMP Startup Switches,” on page 451. 


34.3.3 Running GWTMSTMP on Linux 


The GWTMSTMP executable (gwtmstmp) is installed into the bin and lib subdirectories of / 
opt/novell/groupwise/agents along with the GroupWise agents (POA and MTA). You 
can copy it to additional locations if needed. 


To check the existing time stamp on all GroupWise user databases in a post office, use the following 
command: 


Syntax: 
./gwtmstmp -p /post office directory 


Example: 
./gwtmstmp -p /gwsystem/acct 


The results are displayed on the screen. 
To set a current time stamp on all user databases in a post office, use the following command: 


Syntax: 
-/gwtmstmp -p /post office directory --set 


Example: 
./gwtmstmp -p /gwsystem/acct --set 


A basic backup time stamp can also be set in ConsoleOne. Select a Post Office object, then click 
Tools > GroupWise Utilities > Backup/Restore Mailbox. On the Backup tab, select Backup, then 
click Yes. 


More specialized functionality is provided through additional GWTMSTMP startup switches. See 
Section 34.3.5, “GWTMSTMP Startup Switches,” on page 451. 


34.3.4 Running GWTMSTMP on Windows 


The GWTMSTMP program file (gwtmstmp. exe) is installed into the same directory where you 
installed the Group Wise agents (POA and MTA). You can copy it to additional locations if needed. 


450 GroupWise 7 Administration Guide 


To check the existing time stamp on all GroupWise user databases in a post office, use the following 
command: 


Syntax: 
gwtmstmp.exe /p-drive:\post office directory 


Example: 


gwtmstmp.exe /p-m:\gwsystem\acct 
The results are displayed on the screen 
To set a current time stamp on all user databases in a post office, use the following command: 


Syntax: 
gwtmstmp.exe /p-drive:\post office directory /set 


Example: 


gwtmstmp.exe /p-m:\gwsystem\acct /set 


A basic backup time stamp can also be set in ConsoleOne. Select a Post Office object, then click 
Tools > GroupWise Utilities > Backup/Restore Mailbox. On the Backup tab, select Backup, then 
click Yes. 


More specialized functionality is provided through additional GWTMSTMP startup switches. 


34.3.5 GWTMSTMP Startup Switches 


The following startup switches can be used with GWTMSTMP: 


Table 34-7 GWTMSTMP Startup Switches 


NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 
IP -P IP 
/backup -b or --backup /backup 
/restore -r or --restore /restore 
/retention -n or --retention /retention 
/get -g or --get /get 

/set -s or --set /set 
/clear -c or --clear /clear 
/date -d or --date /date 
/time -t or --time /time 

lu -u or -userid lu 
/userdb -e or --userdb /userdb 
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Ip 


Specifies the post office directory where the user databases to time-stamp are located. This switch is 


required. 

NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 
Syntax: /p-volume:\post_office_dir -p /post_office_dir Ip-drive:post office dir 
Example:  /p-mail:\dev -p /gwsystem/dev lp-j:\dev 


/backup, /restore, and /retention 


Specifies the time stamp on which to perform the operation. If no time stamp is specified, the 
operation is performed on the backup time stamp. 


NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 
Syntax: /backup -b /backup 
--backup 
/restore -r /restore 
--restore 
/retention -n /retention 
--retention 


For example, to set the restore time stamp, you would use: 


NetWare: gwtmstmp /p-j:\dev /restore /set 
Linux: ./gwtmstmp -p /gwsystem/dev -r -s 
Windows: gwtmstmp /p-j:\dev /restore /set 
[get 


Lists existing backup, restore, and retention time stamp information for user databases. If no time 
stamps are set, no times are displayed. 


NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 


Syntax: /get -g /get 
--get 


For example: 


NetWare: gwtmstmp /p-j:\dev /get 
Linux: ./gwtmstmp -p /gwsystem/dev -g 


Windows: gwtmstmp /p-j:\dev /get 


If no other operational switch is used, /get is assumed. The following example returns the same 
results as the above example: 
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NetWare: gwtmstmp /p-j:\dev 
Linux: ./gwtmstmp -p /gwsystem/dev 


Windows: gwtmstmp /p-j:\dev 


Iset 


Sets the current date and time on user databases. 


NetWare GWTMSTMP Linux GWTMSTMP 


Syntax: /set -S 
--set 


For example, to set the backup time stamp, you would use: 


NetWare: gwtmstmp /p-j:\dev /backup /set 
Linux: ./gwtmstmp -p /gwsystem/dev -b -s 


Windows: gwtmstmp /p-j:\dev /backup /set 
or 


NetWare: gwtmstmp /p-j:\dev /set 
Linux: ./gwtmstmp -p /gwsystem/dev -s 


Windows: gwtmstmp /p-j:\dev /set 


-c, --clear 


Clears existing time stamps. 


NetWare GWTMSTMP Linux GWTMSTMP 


Syntax: /clear -C 
--clear 


Windows GWTMSTMP 


/set 


Windows GWTMSTMP 


/clear 


For example, to clear all time stamps on databases in a post office, you would use: 


NetWare: gwtmstmp /p-j:\dev /clear 

Linux: ./gwtmstmp -p /gwsystem/dev -c 
Windows: gwtmstmp /p-j:\dev /clear 

Idate 


Specifies the date that you want placed on user databases. 
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NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 


Syntax: Idate-mm/dd/yyyy -d mmiddlyyyy /date-mm/ddlyyyy 
--date mmiddlyyyy 


Example:  /date-01/03/2007 -d 05/18/2007 /date-04/12/2007 
--date 05/18/2007 


For example, to set the restore date to June 15, 2007, you would use: 


NetWare: gwtmstmp /p-j:\dev /restore /date-06/14/2007 
Linux: ./gwtmstmp -p /gwsystem/dev --restore --date 06/15/2007 
Windows: gwtmstmp /p-j:\dev /restore /date-06/14/2007 


Itime 


Specifies the time that you want placed on user databases. 


NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 


Syntax: /time-hh:mm am|pm -t hh:mm am|pm /time-hh:mm am|pm 
--time hh:mm am|pm 


Example:  /time-11:30pm -t 2:00am /time-6:15pm 
--time 2:00am 


For example, to set the restore time to 4:45 p.m., you would use: 


NetWare: gwtmstmp /p-j:\dev /restore /time-4:45pm 
Linux: ./gwtmstmp -p /gwsystem/dev -r -t 4:45pm 


Windows: gwtmstmp /p-j:\dev /restore /time-4:45pm 


lu 


Provides a specific GroupWise user ID so that an individual user database can be time-stamped. 


NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 


Syntax: /u-userlD -u userlD lu-userlD 
--userid userID 


Example:  /u-khuang -u sjones /u-mbarnard 
--userid gsmith 


For example, to set the retention time stamp for a user whose GroupWise user ID is mpalu, you 
would use: 


NetWare: gwtmstmp /p-j:\dev /u-mpalu /retention /set 
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Linux: ./gwtmstmp -p /gwsystem/dev -u mpalu -n -s 


Windows: gwtmstmp /p-j:\dev /u-mpalu /retention /set 


-e, --userdb 


Provides a specific Group Wise user database (user xxx. db) so that an individual user database 
can be time-stamped. 


NetWare GWTMSTMP Linux GWTMSTMP Windows GWTMSTMP 


Syntax: luserdb user. database -e user database luserdb user. database 
--userdb user database 


Example:  /userdb user3gh.db -e user3gh.db /userdb user3gh.db 
--userdb user3gh.db 


For example, to set the retention time stamp for a user whose user database is named user3gh, you 
would use: 


NetWare: gwtmstmp /p-j:\dev /userdb user3gh.db /retention /set 
Linux: ./gwtmstmp -p /gwsystem/dev -e user3gh.db -n -s 


Windows: gwtmstmp /p-j:\dev /userdb user3gh.db /retention /set 


34.4 GroupWise Database Copy Utility 


The Group Wise Database Copy utility (DBCopy) copies files from a live GroupWise post office or 
domain to a static location for backup. During the copy process, DBCopy prevents the files from 
being modified, using the same locking mechanism used by other GroupWise programs that access 
databases. This ensures that the backed-up versions are consistent with the originals even when large 
databases take a substantial amount of time to copy. Starting with Support Pack 2, DBCopy is a 
multi-threaded application for greater efficiency. 


DBCopy copies only Group Wise-recognized directories and files, as illustrated in “Post Office 
Directory” and “Domain Directory” in “Directory Structure Diagrams” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. 


DBCopy does not copy some directories: 
+ Post office queue directories (wpcsin and wpcsout): Only post office data files and 
directories are copied. Queue directories are not copied. 
+ All domain subdirectories: Only domain files are copied. Queue directories are not copied. 


+ All subdirectories under each gateway directory in wogate: Only gateway files are copied 
from each gateway directory. Queue directories of gateway directories are not copied. For 
example, under gwia and webac7 0a, gateway files are copied, but no gateway subdirectories 
are copied. 


IMPORTANT: Starting with GroupWise 7, TSAFSGW is provided as a robust backup solution on 
NetWare and Linux, as described in Section 34.2, “Target Service Agents,” on page 434. However, 
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if you do not want to use TSAFSGW, you can use DBCopy in conjunction with your backup 
software of choice to back up your GroupWise system. 





+ Section 34.4.1, “Using DBCopy on NetWare,” on page 456 
+ Section 34.4.2, “Using DBCopy on Linux,” on page 456 

+ Section 34.4.3, “Using DBCopy on Windows,” on page 457 
+ Section 34.4.4, “DBCopy Startup Switches,” on page 458 


DBCopy can also be useful for moving domains and post office from NetWare or Windows to 
Linux. For more information, see “Migration” in the GroupWise 7 Installation Guide. 


34.4.1 Using DBCopy on NetWare 


1 Atacommand prompt, change to the directory where you installed the Group Wise agents 
(typically sys: \system). 

2 Use the following command to back up a post office: 
dbcopy.nlm \post office directory \destination directory 
or 


Use the following command to back up a domain: 
dbcopy.nlm \domain directory \destination directory 


or 
Use the following command to back up a remote document storage area: 
dbcopy.nlm /b \storage area directory 


You can include the /i switch in any of these commands to provide the date (mm-dd-yyyy) of the 
previous copy. This causes DBCopy to copy only files that have been modified since the 
previous copy, like an incremental backup. 


DBCopy creates a log file named mmddgwbk . nnn. The first 4 characters represent the date. A 
three-digit extension allows for multiple log files created on the same day. The log file is 
created at the root of the destination directory. Include the /v switch in the dbcopy command 
to enable verbose logging for the backup. 


3 After DBCopy has finished copying the post office, domain, or remote document storage area, 
use your backup software of choice to back up the static copy of the data. 


4 After the backup has finished, delete the static copy of the data to conserve disk space. 


34.4.2 Using DBCopy on Linux 


1 Change to the directory where the DBCopy RPM is located or copy it to a convenient location 
on your workstation. 


The DBCopy RPM (groupwise-dbcopy-version-mmdd.i386.rpm) is located in the 
/admin directory in your GroupWise software distribution directory if you have created one 
or on the GroupWise 7 Administrator for Linux CD. 


2 Install DBCopy. 
rpm -i groupwise-dbcopy-version-mmdd.i386.rpm 
3 Change to the /opt/novell/groupwise/agents/bin directory. 


4 Use the following command to back up a post office: 
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./dbcopy /post office directory /destination directory 
or 

Use the following command to back up a domain: 

./dbcopy /domain directory /destination directory 

Or 

Use the following command to back up a remote document storage area: 
./dbcopy -b /storage area directory 


You can include the -i switch in any of these commands to provide the date (mm-dd-yyyy) of the 
previous copy. This causes DBCopy to copy only files that have been modified since the 
previous copy, like an incremental backup. 


DBCopy creates a log file named mmddgwbk . nnn. The first 4 characters represent the date. A 
three-digit extension allows for multiple log files created on the same day. The log file is 
created at the root of the destination directory. Include the -v switch in the dbcopy command 
to enable verbose logging for the backup. 


5 After DBCopy has finished copying the post office, domain, or remote document storage area, 
use your backup software of choice to back up the static copy of the data. 


6 After the backup has finished, delete the static copy of the data to conserve disk space. 


You might find it helpful to set up a cron job to run DBCopy regularly at a time of day when your 
system is not busy. 


34.4.3 Using DBCopy on Windows 


1 Atacommand prompt, change to the directory where you installed the Group Wise agents 
(typically c: \grpwise). 
2 Use the following command to back up a post office: 
dbcopy.exe \post office directory \destination directory 
or 
Use the following command to back up a domain: 
dbcopy.exe \domain directory \destination directory 
or 
Use the following command to back up a remote document storage area: 
dbcopy.exe /b \storage area directory 
You can include the /i switch in any of these commands to provide the date (mm-dd-yyyy) of the 


previous copy. This causes DBCopy to copy only files that have been modified since the 
previous copy, like an incremental backup. 


DBCopy creates a log file named mmddgwbk . nnn. The first 4 characters represent the date. A 
three-digit extension allows for multiple log files created on the same day. The log file is 
created at the root of the destination directory. Include the /v switch in the dbcopy command 
to enable verbose logging for the backup. 


3 After DBCopy has finished copying the post office, domain, or remote document storage area, 
use your backup software of choice to back up the static copy of the data. 


4 After the backup has finished, delete the static copy of the data to conserve disk space. 
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34.4.4 DBCopy Startup Switches 


The following startup switches can be used with DBCopy: 


NetWare DBCopy Linux DBCopy Windows DBCopy 
Ib --b Ib 
li --i li 
It --t It 
N --V N 
Ib 
Indicates that DBCopy is copying a document storage area that includes BLOB (binary large object) 
files. 
NetWare DBCopy Linux DBCopy Windows DBCopy 
Syntax: /b-\storage_area_directory -b /storage_area_directory /b-\storage_area_directory 
Example:  /b-\gwsystem\devlib -b /gwsystem/devlib /b-\gwsystem\devlib 
li 


Specifies the date of the previous copy of the data. This causes DBCopy to copy only files that have 
been modified since the previous copy, like an incremental backup. There is no default date; you 
must specify a date. 


NetWare DBCopy Linux DBCopy Windows DBCopy 
Syntax: li-mm-dd-yyyy -i mm-dd-yyyy li-mm-dd-yyyy 
Example: /i-12-15-2007 -i 5-18-2007 li-10-30-2007 


It 


Specifies the number of threads that you want DBCopy to start for copying data. The default number 
of threads is 5; valid values range for 1 to 10. The default value typically provides optimum 


performance. 

NetWare DBCopy Linux DBCopy Windows DBCopy 
Syntax: /t-number -t number /t-number 
Example: — /t-3 -t7 It-10 
Iv 


Specifies verbose logging. DBCopy creates a log file named mmddgwbk . nnn. The first 4 
characters represent the date. A three-digit extension allows for multiple log files created on the 
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same day. The log file is created at the root of the destination directory. By default, DBCopy 
provides a normal level of logging. 


NetWare DBCopy Linux DBCopy Windows DBCopy 


Syntax: N -V N 
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Post Office Agent 


+ Chapter 35, “Understanding Message Delivery and Storage in the Post Office,” on page 463 
¢ Chapter 36, “Configuring the POA,” on page 475 

¢ Chapter 37, “Monitoring the POA,” on page 515 

+ Chapter 38, “Optimizing the POA,” on page 547 

+ Chapter 39, “Using POA Startup Switches,” on page 565 
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Understanding Message Delivery 
and Storage in the Post Office 


A post office is a collection of user mailboxes and Group Wise” objects. Messages are delivered into 
mailboxes by the Post Office Agent (POA). The following topics help you understand the post office 
and the functions of the POA: 

+ Section 35.1, “Post Office Representation in ConsoleOne,” on page 463 

+ Section 35.2, “Post Office Directory Structure,” on page 464 

+ Section 35.3, “Information Stored in the Post Office,” on page 464 

+ Section 35.4, “Post Office Access Mode,” on page 468 

+ Section 35.5, “Role of the Post Office Agent,” on page 469 

+ Section 35.6, “Message Flow in the Post Office,” on page 471 

+ Section 35.7, “Cross-Platform Issues in the Post Office,” on page 471 


35.1 Post Office Representation in ConsoleOne 


In ConsoleOne®, post offices are container objects that contain at least one POA object, as shown 
below: 


Figure 35-1 ConsoleOne View Showing the POA Object 
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Although each post office is linked to a domain, it does not display as subordinate to the domain in 
the Console View. However, using the GroupWise View, you can display post offices as subordinate 
to the domains to which they are linked in your GroupWise system. 
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Figure 35-2 GroupWise View Showing Post Offices in Relationship to Domains 
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35.2 Post Office Directory Structure 


Physically, a post office consists of a set of directories that house all the information stored in the 
post office. See “Post Office Directory” in GroupWise 7 Troubleshooting 3: Message Flow and 
Directory Structure. 


35.3 Information Stored in the Post Office 


The following types of information are stored in the post office: 


+ Section 35.3.1, “Post Office Database,” on page 464 
+ Section 35.3.2, “Message Store,” on page 464 
+ Section 35.3.3, “Guardian Database,” on page 466 
+ Section 35.3.4, “Agent Input/Output Queues in the Post Office,” on page 466 
+ Section 35.3.5, “Libraries (optional),” on page 467 
All databases in the post office should be backed up regularly. How often you back up GroupWise 


databases depends on the reliability of your network and hardware. See Section 31.2, “Backing Up a 
Post Office,” on page 407. 


35.3.1 Post Office Database 


The post office database (wohost .db) contains all administrative information for the post office, 
including a copy of the GroupWise Address Book. This information is necessary for users to send 
messages to others in the GroupWise system. 


35.3.2 Message Store 


GroupWise messages are made up of three parts: 


+ Message Header: The message header contains addressing information including the sender’s 
address, recipient’s address, message priority, status level, and a pointer that links the header to 
the message body. 
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+ Message Body: The message body contains the message text in an encrypted format and a 
distribution list containing user IDs of the sender and recipients. 


¢ File Attachments (optional): File attachments can be any type of file that is attached to the 
message. 


The message store consists of directories and databases that hold messages. The message store is 
shared by all members of the post office so only one copy of a message and its attachments is stored 
in the post office, no matter how many members of the post office receive the message. This makes 
the system more efficient in terms of message processing, speed, and storage space. 


All information in the message store is encrypted to prevent unauthorized access. 
The message store contains the following components: 


+ “User Databases” on page 465 
+ “Message Databases” on page 465 
+ “Attachments Directory” on page 466 


User Databases 


Each member of the post office has a personal database (user xxx. db) which represents the user's 
mailbox. The user database contains the following: 

+ Message header information 

+ Pointers to messages 

+ Folder assignments 

+ Personal groups 

+ Personal address books 

+ Rules 

+ Contacts 

+ Checklists 

+ Categories 

+ Junk Mail lists 
When a member of another post office shares a folder with one or more members of the local post 


office, a “prime user” database (puxxxxx . db) is created to store the shared information. The 
“prime user” is the owner of the shared information. 


Local user databases and prime user databases are stored in the of user directory in the post office. 


Message Databases 


Each member of the post office is arbitrarily assigned to a message database (nsgnnn. db) where 
the body portions of messages are stored. Many users in a post office share a single message 
database. There can be as many as 255 message databases (numbered 0 through 254) in a post 
office. Message databases are stored in the ofmsg directory in the post office. 


Historical Note: Prior to GroupWise 7, the POA created a maximum of 25 message databases per 
post office. The current maximum of 255 message databases speeds up message delivery and 
minimizes user impact if a database is damaged. 
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Outgoing messages from local senders are stored in the message database assigned to each sender. 
Incoming messages from users in other post offices are stored in the message database that 
corresponds to the message database assigned to the sender in his or her own post office. In each 
case, only one copy of the message is stored in the post office, no matter how many members of the 
post office it is addressed to. 


Attachments Directory 


The attachments directory (of files) contains subdirectories that store file attachments, message 
text, and distribution lists that exceed 2 KB. Items of this size are stored more efficiently as files 
than as database records. The message database contains a pointer to where each item is found. 


35.3.3 Guardian Database 


The guardian database (ngwguard. db) serves as the master copy of the data dictionary 
information for the following subordinate databases in the post office: 


+ User databases (user xxx. db) 
+ Message databases (msgnnn.db) 
+ Prime user databases (puxxxxx. db) 


+ Library databases (dmsh.db and dmxxnn01-FF.db) 


The guardian database is vital to GroupWise functioning. Therefore, the POA has an automated 
back-up and roll-forward process to protect it. The POA keeps a known good copy of the guardian 
database called ngwguard. fbk. Whenever it modifies the ngwguard. db file, the POA also 
records the transaction in the roll-forward transaction log called ngwguard.rf1.Ifthe POA 
detects damage to the ngwguard. db file on startup or during a write transaction, it goes back to 
the ngwguard. fbk file (the “fall back” copy) and applies the transactions recorded in the 
ngwguard.rf1 file to create a new, valid and up-to-date ngwguard. db. 


In addition to the POA back-up and roll-forward process, you should still back up the 
ngwguard.db, ngwguard. fbk, and ngwguard.rf1 files regularly to protect against media 
failure. Without a valid ngwguard.db file, you cannot access your e-mail. With current 

ngwguard. fbk and ngwguard. rf1 files, a valid ngwguard. db file can be rebuilt should the 
need arise. 


The ngwguard. dc file is the structural template for building the guardian database and its 
subordinate databases. Also called a dictionary file, the ngwguard. dc file contains schema 
information, such as data types and record indexes. If this dictionary file is missing, no additional 
databases can be created in the post office. 


35.3.4 Agent Input/Output Queues in the Post Office 


Each post office contains agent input/output queues where messages are deposited and picked up for 
processing by the POA and the MTA. The MTA transfers messages into and out of the post office, 
while the POA handles message delivery. 


For illustrations of the processes presented below, see “Message Delivery to a Different Post Office” 
and “Message Delivery to a Different Domain” in GroupWise 7 Troubleshooting 3: Message Flow 
and Directory Structure. 
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MTA Output Queue in the Post Office 
The MTA output queue in each post office is the post office\wpcsout directory. 


If the MTA has a mapped or UNC link to the post office, the MTA writes user messages directly into 
its output queue, which requires write access to the post office. If the MTA has a TCP/IP link to the 
post office, the MTA transfers user messages to the POA by way of TCP/IP. The POA then stores the 
messages in the MTA output queue on behalf of the MTA, so the MTA does not need write access to 
the post office. 


The post_office\wpcsout\ofs subdirectory is where the MTA transfers user messages for 
delivery by the POA to users’ mailboxes in the local post office. 


The MTA post office\wpcsout \ads subdirectory is where the MTA transfers 
administrative messages instructing the POA admin thread to update the post office database 
(wphost.db). 


POA Input Queue in the Post Office 


The POA input queue in each post office is the post office\wpcsout directory, which is the 
same as the MTA output queue. 


The post office\wpcsout\ofs subdirectory is where the POA picks up user messages 
deposited there by the MTA and updates the local message store, so users receive their messages. 


The post office\wpcsout\ads subdirectory is where the POA admin thread picks up 
administrative messages deposited there by the MTA and updates the post office database 
(wphost.db). 


POA Output Queue in the Post Office 


The POA output queue (post_office\wpcsin) is where the POA deposits user messages for the MTA 
to transfer to other domains and post offices. 


Historical Note: In earlier versions of GroupWise, the GroupWise client wrote user messages to the 
POA output queue when using direct access to the post office. In GroupWise 6.x and later, client/ 
server access to the post office is the preferred method. 


MTA Input Queue in the Post Office 


The MTA input queue in each post office (post officeXwpcsin)is the same as the POA 
output queue. The MTA picks up user messages deposited there by the POA and transfers them to 
other domains and post offices. 


For a mapped or UNC link between the domain and post office, the MTA requires read/write access 
rights to its input/output queues in the post office. For a TCP/IP link, no access rights are required 
because messages are communicated to the MTA by way of TCP/IP. 


35.3.5 Libraries (optional) 


A library is a collection of documents and document properties stored in a database system that can 
be managed and searched. You do not need to set up libraries unless you are using GroupWise 
Document Management Services (DMS). See Part VII, “Libraries and Documents,” on page 291. 
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Library Databases 


The databases for managing libraries are stored in the gwdms directory and its subdirectories in the 
post office. 


The dmsh. db file is a database shared by all libraries in the post office. It contains information 
about where each library in the post office is located. 


Each library has its own subdirectory in the gwdms directory. In each library directory, the 
dmxxnn01-FF. db files contain information specific to that library, such as document properties 
and what users have rights to access the library. 


Document Storage Areas 


The actual documents in a library are not kept in the library databases. They are kept in a document 
storage area, which consists of a series of directories for storing document files. Documents are 
encrypted and stored in BLOBs (binary large objects) to make document management easier. A 
document, its versions, and related objects are stored together in the same BLOB. 


A document storage area might be located in the post office directory structure, or in some other 
location where more storage space is available. If it is located in the post office, the document 
storage area can never be moved. Therefore, storing documents in the post office directory structure 
is not usually recommended. If it is stored outside the post office, a document storage area can be 
moved when additional disk space is required. 


35.4 Post Office Access Mode 


The GroupWise 6.x and later Windows client and the GroupWise 6.5 and later Cross-Platform client 
both use client/server access mode to the post office. This requires a TCP/IP connection between the 
GroupWise clients and the POA in order for users to access their mailboxes. Benefits of client/server 
access include: 


+ Load Balancing: The workload is split between the client workstation and the POA on another 
server. The POA can perform a processor-intensive request while the client is doing something 
else. 


+ Database Integrity: The GroupWise client does not need write access to databases in the post 
office. Therefore, client failures cannot damage databases. 


+ Reduced Network Traffic: Requests are processed on the POA server and only the results are 
sent back across the network to the client workstation. 


¢ Tighter Security: Client users do not need to log in to the server where the post office is 
located. This eliminates the need for users to have write access to the post office directory. 


¢ Scalability: More concurrent users can be supported in a single post office. 


+ Platform Independence: The GroupWise client on any platform can access the post office by 
way of TCP/IP communication with the POA. 


¢ Simplified Client Connections: The GroupWise client can communicate with any POA in the 
GroupWise system. Any POA can then redirect the client to connect to the correct POA for the 
users’ post office. 


Historical Note: In GroupWise 5.x, the Group Wise client allowed the user to enter a path to the post 
office directory to facilitate direct access mode. The GroupWise 6.x and later clients no longer offer 
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the user that option. However, you can force the GroupWise 6.x and later client to use direct access 
by starting it with the /ph switch and providing the path to the post office directory. 


35.5 Role of the Post Office Agent 


The Group Wise Post Office Agent (POA) delivers messages to users’ mailboxes, connects users to 
their post offices in client/server access mode, updates post office databases, indexes messages and 
documents, and performs other post office-related tasks. You must run at least one POA for each 
post office. 


The following sections help you understand the various functions of the POA: 


+ Section 35.5.1, “Client/Server Processing,” on page 469 
+ Section 35.5.2, “Message File Processing,” on page 470 
+ Section 35.5.3, “Other POA Functions,” on page 470 


35.5.1 Client/Server Processing 


Using client/server access mode, the GroupWise client maintains one or more TCP/IP connections 
with the POA and does not access the post office directly. Consequently, the performance of the 
POA in responding to requests from the GroupWise client directly affects the Group Wise client’s 
responsiveness to users. To provide the highest responsiveness to client users, you can configure a 
POA just to handle client/server processing. See Section 38.1.3, “Configuring a Dedicated Client/ 
Server POA,” on page 550. 


When using client/server access mode, the GroupWise client can be configured to control how much 
time it spends actually connected to the POA. 


* In Online mode, the client is continuously connected. 


¢ In Caching mode, the client connects at regular intervals to check for incoming messages and 
also whenever the client user sends a message. Address lookup is performed locally. Caching 
mode allows the POA to service a much higher number of users than Online Mode. 


+ In Remote mode, the client connects whenever the client user chooses, such as when using a 
brief modem connection to download and upload messages. 





NOTE: Remote mode is not currently available in the Cross-Platform client. 





For more information about the client modes available with client/server access mode, see “Using 
Caching Mode” and “Using Remote Mode” in the GroupWise 7 Windows Client User Guide and 
“Using Caching Mode” in the GroupWise 7 Cross-Platform Client User Guide. 


Client/server access mode also allows users to access their GroupWise mailboxes from POP and 
IMAP clients, in addition to the GroupWise client. See Section 36.2.3, “Supporting IMAP Clients,” 
on page 490. 


In client/server mode, the POA can provide and, if necessary, force secure SSL connections with all 
clients. See Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on 
page 498. 
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35.5.2 Message File Processing 


Messages from users in other post offices arrive in the local post office in the form of message files 
deposited in the POA input queue. See Section 35.3.4, “Agent Input/Output Queues in the Post 
Office,” on page 466. 


The POA picks up the message files and updates all user and message databases to deliver incoming 
messages in the local post office. To provide timely delivery for a large volume of incoming 
messages, you can configure a POA just to handle message file processing. See Section 38.2.2, 
“Configuring a Dedicated Message File Processing POA,” on page 553. 


35.5.3 Other POA Functions 


In addition to client/server processing (interacting with client users) and message file processing 
(delivering messages), the POA: 


+ Performs indexing tasks for document management. See Section 38.3.1, “Regulating 
Indexing,” on page 555. 


+ Performs scheduled maintenance on databases in the post office. See Section 36.4.1, 
“Scheduling Database Maintenance,” on page 507. 

+ Monitors and manages disk space usage in the post office. See Section 36.4.2, “Scheduling 
Disk Space Management,” on page 510. 

¢ Restricts the size of messages that users can send outside the post office. See Section 36.2.8, 
“Restricting Message Size between Post Offices,” on page 495. 

+ Primes users’ mailboxes for Caching mode. See Section 36.2.7, “Supporting Forced Mailbox 
Caching,” on page 494. 


¢ Performs nightly user upkeep so users do not need to wait while the GroupWise client performs 
it; also creates a downloadable version of the system Address Book for Remote and Caching 
users. See Section 36.4.3, “Performing Nightly User Upkeep,” on page 513. 


+ Provides LDAP authentication and LDAP server pooling. See Section 36.3.4, “Providing 
LDAP Authentication for GroupWise Users,” on page 501. 


+ Prevents unauthorized access to the post office. See Section 36.3.5, “Enabling Intruder 
Detection,” on page 506. 


¢ Tracks the GroupWise client software in use in the post office. See Section 36.2.6, “Checking 
What Group Wise Clients Are in Use,” on page 492. 


+ Automatically detects and repairs invalid information in user databases (userxxx.db) and 
message databases (msgnnn. db) for the local post office by using an efficient multi-threaded 
process. See Section 38.4.1, “Adjusting the Number of POA Threads for Database 
Maintenance,” on page 559. 


+ Automatically detects and repairs invalid information in the post office database 
(wphost.db). 


+ Automatically detects and repairs damage to the guardian database (ngwguard. db) in the 
post office. 


+ Updates the post office database whenever Group Wise users, resources, post offices, or other 
GroupWise objects are added, modified, or deleted. 


¢ Replicates shared folders between post offices. 


+ Executes GroupWise client rules. 
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+ Processes requests from GroupWise Remote users. 


35.6 Message Flow in the Post Office 


To see how messages are delivered using client/server access mode, see “Message Delivery in the 
Local Post Office” in GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 


35.7 Cross-Platform Issues in the Post Office 


Group Wise is designed to function in a variety of environments. The GroupWise Windows client 
runs on the following platforms: 


+ Windows 2000 
+ Windows XP 
+ Windows 2003 


The Group Wise Cross-Platform client runs on the following platforms: 


+ Linux 

+ Macintosh 
In addition, GroupWise users can access their mailboxes without using a GroupWise client through 
the following applications: 

+ GroupWise WebAccess (see “WebAccess” on page 853) 


+ POP and IMAP clients such as Netscape* Mail, Eudora* Pro, Microsoft Outlook, and 
Entourage* 


+ MAPI clients such as Microsoft Mail and cc:Mail* 


+ SOAP clients such as Evolution 
Post offices can be located on the following platforms: 


+ Novell® NetWare® 
+ Windows Server 
+ Linux 


The Group Wise agents can run on the following platforms: 


+ Novell NetWare 

+ Windows Server 

+ Linux 
In general, GroupWise is most efficient if you match the agent platform with the network operating 
system, so the POA and the post office should be on the same platform, and the client should be on a 


compatible platform. Those with mixed networks might wonder what combinations are possible. 
You have several alternatives. 


+ Section 35.7.1, “Client/Post Office Platform Independence through Browser Technology,” on 
page 472 
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+ Section 35.7.2, “Client/Post Office Platform Independence through Client/Server Mode,” on 
page 472 


¢ Section 35.7.3, “POA/Post Office Platform Dependencies Because of Direct Access 
Requirements,” on page 472 


35.7.1 Client/Post Office Platform Independence through 
Browser Technology 


If your Group Wise users want to access their mailboxes through POP3, IMAP4, or SOAP clients, it 
makes no difference what platform their post offices are located on. However, users are limited to 
the client capabilities of their POP3, IMAP4, or SOAP clients. 


If you install GroupWise WebAccess on a Web server, GroupWise users can still access their 
mailboxes through their browsers and with more native Group Wise features available. See 
“WebAccess” on page 853 for more information. 


35.7.2 Client/Post Office Platform Independence through 
Client/Server Mode 


The Group Wise 6.5 and later Windows client and the Cross-Platform client require Client/Server 
access mode. With this configuration, it makes no difference what platform users’ post offices are 
located on. The GroupWise client accesses the post office by communicating with the POA using 
TCP/IP, which is a platform-independent protocol. 


35.7.3 POA/Post Office Platform Dependencies Because of 
Direct Access Requirements 


The POA must have direct access to the post office directory. Therefore, the POA must be able to 
log in to the server where the post office is located and must be able to write to the databases and 
directories located in the post office. 


Although the recommended configuration is for the POA and the post office to be on the same 
platform and preferably on the same server, some variation is possible. The table below summarizes 
the various combinations of POA and post office platforms and indicates which combinations work 
for direct access and which ones do not for GroupWise 7.x: 


Table 35-1 POAs and Platforms Supported for Direct Access 


NetWare POA Linux POA Windows POA 
Post Office on NetWare Yes Not supported! Yes 
Post Office on Linux Not supported! Yes Yes 
Post Office on Windows No? Yes Yes 
Post Office on No? No? No? 


Macintosh 


l For these combinations, an NFS* connection is reguired, which is not a supported configuration 
for the agents. 
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2 The NetWare POA cannot service a post office on a Windows server because Windows does not 
support the required cross-platform connection. 


3 Post offices cannot be created on Macintosh computers. 
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Configuring the POA 


For detailed instructions about installing and starting the POA for the first time, see “Installing 
GroupWise Agents” in the GroupWise 7 Installation Guide. 


As your GroupWise® system grows and evolves, you might need to modify POA configuration to 
meet the changing needs of the post office it services. The following topics help you configure the 


POA: 


Table 36-1 Configuring the POA 


+ Section 36.1, “Performing 
Basic POA Configuration,” on 
page 475 


+ Section 36.2, “Configuring 
User Access to the Post 
Office,” on page 486 


+ Section 36.3, “Configuring 
Post Office Security,” on 
page 496 


+ Section 36.4, “Configuring 
Post Office Maintenance,” on 
page 507 


Creating a POA Object in eDirectory 
Configuring the POA in ConsoleOne 


Changing the Link Protocol between the Post Office and the 
Domain 


Binding the POA to a Specific IP Address 

Moving the POA to a Different Server 

Adjusting the POA for a New Post Office Location 
Adjusting the POA Logging Level and Other Log Settings 


Using Client/Server Access to the Post Office 

Simplifying Client/Server Access with a GroupWise Name Server 
Supporting IMAP Clients 

Supporting SOAP Clients 

Supporting CAP Clients 

Checking What GroupWise Clients Are in Use 

Supporting Forced Mailbox Caching 

Restricting Message Size between Post Offices 


Securing Client/Server Access through a Proxy Server 
Securing the Post Office with SSL Connections to the POA 
Providing LDAP Authentication for GroupWise Users 
Enabling Intruder Detection 

Configuring Trusted Application Support 


Scheduling Database Maintenance 
Scheduling Disk Space Management 
Performing Nightly User Upkeep 


36.1 Performing Basic POA Configuration 


POA configuration information is stored as properties of its POA object in eDirectory™. The 
following topics help you modify the POA object in ConsoleOne® and change POA configuration to 
meet changing system configurations: 


¢ Section 36.1.1, “Creating a POA Object in eDirectory,” on page 476 


¢ Section 36.1.2, “Configuring the POA in ConsoleOne,” on page 477 
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+ Section 36.1.3, “Changing the Link Protocol between the Post Office and the Domain,” on 
page 481 


+ Section 36.1.4, “Binding the POA to a Specific IP Address,” on page 483 

¢ Section 36.1.5, “Moving the POA to a Different Server,” on page 484 

+ Section 36.1.6, “Adjusting the POA for a New Post Office Location,” on page 484 

¢ Section 36.1.7, “Adjusting the POA Logging Level and Other Log Settings,” on page 485 


36.1.1 Creating a POA Object in eDirectory 


When you create a new post office, one POA object is automatically created for it. You can set up 
additional POAs for an existing post office if message traffic in the post office is heavy. To 
accomplish this, you must create additional POA objects as well. 


To create a new POA object in Novell® eDirectory: 


1 In ConsoleOne, browse to and right-click the Post Office object for which you want to create a 
new POA object, then click New > Object. 


2 Double-click GroupWise Agent to display the Create GroupWise Agent dialog box. 


Create GroupWise Agent 


Cancel 








= Help 





[ Define additional properties 


T Create another agent 





3 Type a unique name for the new POA. The name can include as many as 8 characters. Do not 
use any of the following invalid characters in the name: 


ASCII characters 0-13 Comma, 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon : Period . 


You use this name with the /name startup switch when you start the new POA. 
The Type field is automatically set to Post Office. 

4 Select Define Additional Properties. 

5 Click OK. 
The POA object is automatically placed within the Post Office object. 


6 Review the information displayed for the first four fields on the Identification page to ensure 
that you are creating the correct type of Agent object in the correct location. 
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Properties of POA 


DS Rights v | Other | Rights to Files and Folders | 


Domain.PO: Provo1 Development 
Distinguished Name: POA.Development.GroupWise 
Name: POA 


Agent Type: Post Office 





Description: jää Post Office Agent 





Platform: [Netware 





Page Options... | Cancel | 








7 Inthe Description field, type one or more lines of text describing the POA. 


This description displays on the POA server console as the POA runs. When you run multiple 
POAs on the same server, the description should uniquely identify each one. If multiple 
administrators work at the server where the POA runs, the description could include a note 
about who to contact before stopping the POA. 


8 Inthe Platform field, select the platform (NetWare, Linux, or Windows) where the POA will 
run. 


9 Continue with Section 36.1.2, “Configuring the POA in ConsoleOne,” on page 477. 


36.1.2 Configuring the POA in ConsoleOne 


The advantage to configuring the POA in ConsoleOne, as opposed to using startup switches in a 
POA startup file, is that the POA configuration settings are stored in eDirectory. 


1 In ConsoleOne, expand the eDirectory container where the Post Office object is located. 
2 Expand the Post Office object. 
3 Right-click the POA object, then click Properties. 


The table below summarizes the POA configuration settings in the POA object properties pages and 
how they correspond to POA startup switches (as described in Chapter 39, “Using POA Startup 
Switches,” on page 565). The table also includes settings on the Post Office object that correspond 
to POA startup switches. 


Table 36-2 POA Configuration Settings 
ConsoleOne Properties Pages 


and Settings Corresponding Tasks and Startup Switches 


POA Identification Page 
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ConsoleOne Properties Pages 
and Settings 


Domain.PO 
Distinguished Name 
Name 

Agent Type 
Description 

Platform 


POA Agent Settings Page 


Message File Processing 


Message Handler Threads 


Enable TCP/IP (for C/S) 


TCP Handler Threads 


Max Physical Connections 
Max Application Connections 


Enable Caching 
CPU Utilization (NLM) 


Delay Time (NLM) 


Max Thread Usage for Priming 
and Moves 


Enable IMAP 
Max IMAP Threads 


Enable SOAP 
Max SOAP Threads 


Enable SNMP 


SNMP Community "Get" 
String 


Disable Administration 
Task Processing 


HTTP User Name 
HTTP Password 


Network Address Page 
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Corresponding Tasks and Startup Switches 


See Section 36.1.1, “Creating a POA Object in eDirectory,” on 
page 476. 


See Section 38.2.2, “Configuring a Dedicated Message File Processing 
POA,” on page 553. 
See also /nomf, /nomfhigh, and /nomflow. 


See Section 38.2.1, “Adjusting the Number of POA Threads for 
Message File Processing,” on page 552. 
See also /threads. 


See Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 486 and Section 38.1.3, “Configuring a Dedicated Client/Server 
POA,” on page 550. 

See also /notcpip. 


See Section 38.1.2, “Adjusting the Number of Connections for Client/ 
Server Processing,” on page 549. 
See also /tcpthreads. 


See Section 38.1.2, “Adjusting the Number of Connections for Client/ 
Server Processing,” on page 549. 
See also /maxphysconns and /maxappconns. 


See /nocache. 


See Section 38.5, “Optimizing CPU Utilization for the NetWare POA,” on 
page 562. 
See also /cpu and /sleep. 


See Section 36.2.7, “Supporting Forced Mailbox Caching,” on 
page 494. 
See also /primingmax. 


See Section 36.2.3, “Supporting IMAP Clients,” on page 490. 
See also /imap and /imapmaxthreads. 


See Section 36.2.4, “Supporting SOAP Clients,” on page 491. 
See also /soap and /soapmaxthreads. 


See Section 37.6, “Using an SNMP Management Console,” on 
page 540. 

See also /nosnmp. 

See /noada. 


See Section 37.2.1, “Setting Up the POA Web Console,” on page 531. 
See also /httpuser and /httppassword. 


ConsoleOne Properties Pages 
and Settings 


TCP/IP Address 
IPX/SPX Address 


Proxy Server Address 


Bind Exclusively to 
TCP/IP Address 


Message Transfer 


HTTP 


Local Intranet Client/Server 
Internet Proxy Client/Server 


IMAP 


SOAP 


QuickFinder Page 


Enable QuickFinder Indexing 
Start QuickFinder Indexing 
QuickFinder Interval 


Maintenance Page 
Enable Auto DB Recovery 


Maintenance Handler 
Threads 


Perform User Upkeep 
Start User Upkeep 


Generate Address Book for 
Remote 


Start Address Book 
Generation 


Disk Check Interval 
Disk Check Delay 


POA Log Settings Page 


Corresponding Tasks and Startup Switches 


See Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 486 and Section , “Using TCP/IP Links between the Post Office 
and the Domain,” on page 481. 

See also /ip. 


See Section 36.3.1, “Securing Client/Server Access through a Proxy 
Server,” on page 496. 


See Section 36.1.4, “Binding the POA to a Specific IP Address,” on 
page 483 
See also /ip. 


See Section , “Using TCP/IP Links between the Post Office and the 
Domain,” on page 481. 

See also /mtpinipaddr, /mtpinport, /mtpoutipaddr, /mtpoutport, / 
mtpsendmax, and /mtpssl. 


See Section 37.2.1, “Setting Up the POA Web Console,” on page 531. 
See also /httpport and /httpssl. 


See Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 486 and Section , “Using TCP/IP Links between the Post Office 
and the Domain,” on page 481. 

See also /port, /internalclientssl, and /externalclientssl. 


See Section 36.2.3, “Supporting IMAP Clients,” on page 490. 
See also /imapport, /imapssl, and /imapsslport. 


See Section 36.2.4, “Supporting SOAP Clients,” on page 491. 
See also /soapport and /soapssl. 


See Section 38.3.1, “Regulating Indexing,” on page 555 and 

Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556. 
See also /qfbaseoffset, /gfbaseoffsetinminute, /gfinterval, / 
gfintervalinminute, and /nogf. 


See /norecover. 


See Section 38.4.1, “Adjusting the Number of POA Threads for 
Database Maintenance,” on page 559. 
See also /gwchkthreads and /nogwchk. 


See Section 36.4.3, “Performing Nightly User Upkeep,” on page 513. 
See also /nuuoffset, /nonuu, /rdaboffset, and /nordab. 


See Section 36.4.2, “Scheduling Disk Space Management,” on 
page 510. 
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ConsoleOne Properties Pages 
and Settings 


Log File Path 
Logging Level 

Max Log File Age 
Max Log Disk Space 


POA Scheduled Events 
Page 


Disk Check Event 


Mailbox/Library Maintenance 
Event 


POA SSL Settings Page 


Certificate File 
SSL Key File 
Password 


Post Office Settings Page 


Remote User Name 
Remote Password 


Post Office Client Access 
Settings Page 


Lock Out Older GroupWise 
Clients 


Minimum Client Release 
Version 


Minimum Client Release Date 


Enable Intruder Detection 
Incorrect Logins Allowed 
Incorrect Login Reset Time 
Lockout Reset Time 


Post Office Security Page 
LDAP Authentication 


Corresponding Tasks and Startup Switches 


See Section 37.3, “Using POA Log Files,” on page 538. 
See also /log, /logdays, /logdiskoff, /loglevel, and /logmax. 


See Section 36.4.2, “Scheduling Disk Space Management,” on 
page 510. 


See Section 36.4.1, “Scheduling Database Maintenance,” on page 507. 


See Section 36.3.3, “Securing the Post Office with SSL Connections to 
the POA,” on page 498. 
See also /certfile, /keyfile, /keypassword. 


See /user and /password. 


See Section 36.2.6, “Checking What GroupWise Clients Are in Use,” on 
page 492. 

See also /gwclientreleasedate, /gwclientreleaseversion, and / 
enforceclientversion. 


See Section 36.3.5, “Enabling Intruder Detection,” on page 506. 
See also /intruderlockout, /incorrectloginattempts, / 
attemptsresetinterval, and /lockoutresetinterval. 


See Section 36.3.4, “Providing LDAP Authentication for GroupWise 
Users,” on page 501. 

See also /Idapipaddr, /Idapport, /Idapuser, /Idappwd, / 
Idapuserauthmethod, /Idapdisablepwdchg, /Idapssl, /Idapsslkey,/ 
Idaptimeout, and /noldapx. 

See also /Idapippooln, /Idappoolresettime, /Idapportpooln, /Idapsslpooln, 
and /Idapsslkeypooln 


After you install the POA software, you can further configure the POA using a startup file. See 
Chapter 39, “Using POA Startup Switches,” on page 565 to survey the many ways the POA can be 


configured. 
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36.1.3 Changing the Link Protocol between the Post Office and 
the Domain 
How messages are transferred between the POA and the MTA is determined by the link protocol in 


use between the post office and the domain. For a review of link protocols, see Section 10.1.3, “Link 
Protocols for Direct Links,” on page 141. 


If you need to change from one link protocol to another, some reconfiguration of the POA and its 
link to the domain is necessary. 


+ “Using TCP/IP Links between the Post Office and the Domain” on page 481 
+ “Using Mapped or UNC Links between the Post Office and the Domain” on page 483 





NOTE: The Linux POA requires TCP/IP links between the post office and the domain. 





Using TCP/IP Links between the Post Office and the Domain 


To change from a mapped or UNC link to a TCP/IP link between a post office and its domain, you 
must perform the following two tasks: 

+ “Configuring the Agents for TCP/IP” on page 481 

+ “Changing the Link between the Post Office and the Domain to TCP/IP” on page 482 


Configuring the Agents for TCP/IP 
1 Ifthe MTA in the domain is not yet set up for TCP/IP communication, follow the instructions 
in “Configuring the MTA for TCP/IP” on page 618. 


2 To make sure the POA is properly set up for TCP/IP communication, follow the instructions in 
Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 486. 


Only one POA per post office needs to communicate with the MTA. If the post office has 
multiple POAs, have a POA that performs message file processing communicate with the MTA 
for best performance. For information about message file processing, see Section 35.5, “Role 
of the Post Office Agent,” on page 469. 


3 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
4 Click GroupWise > Network Address to display the Network Address page. 
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Properties of POA 


GroupWise v | NDS Rights v | Other | Rights to Files and Folders 
Network Address 





TCPAP Address: ibd-nyv prova novell.com 





Proxy Server Address: 





IPX/SPX Address: 


I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 


Message Transfer: 7101 + Disabled ¥ 
HTTP: 7181 $| [Disabled 7 


Local Intranet Client/Server: | 1677 H Disabled x 
Internet Proxy Client/Server: [oo + [Disabled +] 
MAP: [ 143 $| Joisablea ~] [ 993 $ 
SOAP: [ 7191 $| [Disabiea ~ 














Page Options... ok | Cancel | Apply | Help | 





5 In the Message Transfer field, specify the TCP port on which the POA will listen for incoming 
messages from the MTA. 


The default message transfer port for the POA to listen on is 7101. 
6 Click OK to save the TCP/IP information and return to the main ConsoleOne window. 


Corresponding Startup Switches 


You can also use the /mtpinipaddr and /mtpinport startup switches in the POA startup file to set the 
incoming IP address and port. 


Changing the Link between the Post Office and the Domain to TCP/IP 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
2 Inthe drop-down list, select the domain where the post office resides. 


3 Click Post Office Links, then double-click the post office for which you want to change the link 
protocol. 


4 Inthe Protocol field, select TCP/IP. 


Edit Post Office Link 


Post Office: Development 





Protocol: cpap 


X 


Post Office Agent: |POA 


IP Address: ibd-nvy provo.novell.com : 7101 Fi 





Client/Server Port: [1677 
Maximum send message size: 0 + MBytes 





5 Make sure the information displayed in the Edit Post Office Link dialog box matches the 
information on the Network Address page for the POA. 


6 Click OK. 


7 To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 
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ConsoleOne then notifies the POA and MTA to restart using the new link protocol. 


For a sample message flow for this configuration, see “TCP/IP Link Open: Transfer between Post 
Offices Successful” in “Message Delivery to a Different Post Office” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. 


Corresponding Startup Switches 
You can also use the /mtpoutipaddr and /mtpoutport startup switches in the POA startup file to set 
the outgoing IP address and port. 


Using Mapped or UNC Links between the Post Office and the Domain 
To change from a TCP/IP link to a mapped or UNC link between a post office and its domain: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


2 Inthe drop-down list, select the domain where the post office resides. 


3 Click Post Office Links, then double-click the post office for which you want to change the link 


protocol. 

In the Protocol field, select Mapped or UNC. 

Provide the location of the post office in the format appropriate to the selected protocol. 
Click OK. 


To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


NO 01 fb 


ConsoleOne then notifies the POA and MTA to restart using the new link protocol. 


36.1.4 Binding the POA to a Specific IP Address 


You can now cause the POA to bind to a specified IP address when the server where it runs uses 
multiple IP addresses. The specified IP address is associated with all ports used by the agent. 
Without an exclusive bind, the POA binds to all IP addresses available on the server. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders 
Network Address 





TCPAP Address: ibd-nw.provo.novell.com 





Proxy Server Address: 





IPX/SPX Address: 
T Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
Message Transfer: 7101 + Disabled Y | 








HTTP: 7181 | |pisabied ~ | 





Local Intranet Client/Server: 1677 | Disabled x | 





Internet Proxy Client/Server: 0 Disabled 7] 





a 
v 
a 
x 


MAP: 143 Disabled >| [ 993-2 

















SOAP: $| [Disabled > | 


Page Options... Cancel Apply Help 
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3 Select Bind Exclusively to TCP/IP Address, then click OK to save your change. 


Corresponding Startup Switches 
You can also use the /ip and /mtpoutport startup switch in the POA startup file to establish an 
exclusive bind to the specified IP address. 


36.1.5 Moving the POA to a Different Server 


As your GroupWise system grows and evolves, you might need to move a POA from one server to 
another. For example, you might decide to run the POA on a different platform, or perhaps you want 
to move it to a server that has more memory. 

1 When moving the POA, pay special attention to the following details: 


+ For a POA configured for client/server processing, reconfigure the POA object with the 
new IP address and port number for the POA to use on the new server. See Section 36.2.1, 
“Using Client/Server Access to the Post Office,” on page 486. 


+ For the NetWare POA, if it was originally on the same server where the post office is 
located and you are moving it to a different server, add the /dn switch or the /user and / 
password switches to the POA startup file to give the NetWare POA access to the server 
where the post office is located. You can also provide user and password information on 
the Post Office Settings page. 


2 Install the POA on the new server, as described in “Installing GroupWise Agents” in the 
GroupWise 7 Installation Guide. 


3 Start the new POA, as described in the following sections in the GroupWise 7 Installation 
Guide: 


+ “Starting the NetWare GroupWise Agents” 
+ “Starting the Linux Agents with a User Interface” 
+ “Starting the Windows GroupWise Agents” 


4 Observe the new POA to see that it is running smoothly, as described in Chapter 37, 
“Monitoring the POA,” on page 515. 


5 Stop the old POA. 


6 If you are no longer using the old server for any GroupWise agents, you can remove them to 
reclaim the disk space, as described in the following sections in the GroupWise 7 Installation 
Guide: 


+ “Uninstalling the NetWare GroupWise Agents” 
+ “Uninstalling the Linux GroupWise Agents” 
+ “Uninstalling the Windows GroupWise Agents” 


36.1.6 Adjusting the POA for a New Post Office Location 


If you move a post office from one server to another, you also need to edit the POA startup file to 
provide the new location of the post office directory. 


1 Stop the POA for the old post office location if it is still running. 
2 Use an ASCII text editor to edit the POA startup file. 


The POA startup file is named after the post office name, plus a .poa extension. 
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NetWare Only the first 8 characters of the post office name are used in the filename. The 


and startup file is typically located in the directory where the POA software is installed. 
Windows: 
Linux: The full post office name is used in the filename. However, all letters are lowercase 


and any spaces in the post office name are removed. The startup file is located in the 


/opt/novell/groupwise/agents/share directory. 


3 Adjust the setting of the /home switch to point to the new location of the post office directory. 
4 Save the POA startup file. 


5 Start the POA for the new post office location, as described in the following sections in the 
Group Wise 7 Installation Guide: 


+ “Starting the NetWare GroupWise Agents” 


+ “Starting the Linux Agents with a User Interface” 


+ “Starting the Windows GroupWise Agents” 
6 Adjust the link between the post office and the domain. See Section 41.1.7, “Adjusting the 


MTA for a New Location of a Domain or Post Office,” on page 626. 


36.1.7 Adjusting the POA Logging Level and Other Log 


Settings 


When installing or troubleshooting the POA, a logging level of Verbose can be useful. However, 
when the POA is running smoothly, you can set the logging level down to Normal to conserve disk 


space occupied by log files. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Log Settings to display the Log Settings page. 


Properties of POA 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 


Log Settings 


Log File Path: 
Logging Level: 
Max Log File Age: 


Max Log Disk Space: 


Page Options... 











Normal 





Cancel 











3 Set the desired settings for logging. 
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For more information about log settings and log files, see Section 37.3, “Using POA Log 
Files,” on page 538. 


Corresponding Startup Switches 
You can also use the /log, /loglevel, /logdays, /logmax, and /logdiskoff switches in the POA startup 
file to configure logging. 


POA Web Console 
You can view and search POA log files on the Log Files page. 


36.2 Configuring User Access to the Post Office 


As described in Section 35.4, “Post Office Access Mode,” on page 468, the Group Wise 6.x client 
defaults to client/server access mode. The following topics help you configure the POA to customize 
the types of client/server access provided to the post office: 

+ Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 486 


+ Section 36.2.2, “Simplifying Client/Server Access with a GroupWise Name Server,” on 
page 488 


+ Section 36.2.3, “Supporting IMAP Clients,” on page 490 

+ Section 36.2.4, “Supporting SOAP Clients,” on page 491 

+ Section 36.2.5, “Supporting CAP Clients,” on page 492 

+ Section 36.2.6, “Checking What GroupWise Clients Are in Use,” on page 492 
+ Section 36.2.7, “Supporting Forced Mailbox Caching,” on page 494 

¢ Section 36.2.8, “Restricting Message Size between Post Offices,” on page 495 


36.2.1 Using Client/Server Access to the Post Office 


To make sure the GroupWise client has proper client/server access to the post office: 


1 Make sure TCP/IP is properly set up on the server where the POA is running. 
2 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
3 Click GroupWise > Agent Settings to display the Agent Settings page. 
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Properties of POA 


NDS Rights + | Other | Rights to Files and Folders | 


Message File Processing: 

Message Handler Threads: 

IV Enable TCPAP (for Client/Server) 

TCP Handler Threads: 

Max Physical Connections: 

Max App Connections: 

IV Enable Caching 

CPU Utilization (NetWare): 

Delay Time (NetWare): 

Max Thread Usage for Priming and Moves: 
1 Enable IMAP 

Max IMAP Threads: 

|” Enable SOAP 

Max SOAP Threads: 

T Disable Administration Task Processing 
IV Enable SNMP 


OMMAN Annana nite M Atl China 


Page Options... 


ju x] 
[ e2 


[ +] 
[ 1024 2| 
[ 2048 $ 


85 4 percent 
100 4 milliseconds 
30 4 percent 














4 Make sure that Enable TCP/IP (for Client/Server) is selected. 


The default numbers of physical connections and application connections are appropriate for a 
post office with as many as 500 users. If you are configuring the POA to service more than 500 
users, see Section 38.1.2, “Adjusting the Number of Connections for Client/Server 
Processing,” on page 549 for more detailed recommendations. Configuring the POA with 
insufficient connections can result in error conditions. 


Properties of POA 


GroupWise + | NDS Rights v | Other 
Network Address 


TCPAP Address: 
Proxy Server Address: 


IPX/SPX Address: 
I” Bind Exclusively to TCPAP Address 


Port 


[ 7101 4) 
[7181 +] 
Local Intranet Client/Server: | 1677 +) 
Internet Proxy Client/Server: [oo 3 
[ 124] 
[71914] 


Message Transfer: 


HTTP: 


IMAP: 


Edit Network Address 


5 Click GroupWise > Network Address. 


| Rights to Files and Folders 





ibd-nyv provo.novell.com 





SSL SSL Port 


(Disabled +] 
Disabled +] 
Disabled +] 
[pisapiea =] 
Disabled =] [ 993 
[Disabied =] 








dialog box. 


x | 


Apply | 


Cancel | 





6 Onthe Network Address page, click the pencil icon for the TCP/IP Address field to display the 
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Edit Network Address 


TCPAP Address 





© IP Address: 








© DNS Host Name: |ibd-nw.provo.novell com| 


Cancel Help 





7 Select IP Address, then specify the IP address, in dotted decimal format, of the server where the 
POA is running. 


or 


Select DNS Host Name, then provide the DNS hostname of the server where the POA is 
running. 





IMPORTANT: The POA must run on a server that has a static IP address. DHCP cannot be 
used to dynamically assign an IP address for it. 





Specifying the DNS hostname rather than the IP address makes it easier to move the POA from 
one server to another, should the need arise at a later time. You can assign a new IP address to 
the hostname in DNS, without needing to change the POA configuration information in 
ConsoleOne. 


8 Click OK. 


9 Tousea TCP port number other than the default port of 1677, type the port number in the Local 
Intranet Client/Server Port field. 


If multiple POAs will run on the same server, each POA must have a unique TCP port number. 


10 For optimum security, select Required in the SSL drop-down list for local intranet client/server 
connections, Internet client/server connections, or both. For more information, see 
Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 498. 


11 Click OK to save the network address and port information and return to the main ConsoleOne 
window. 


ConsoleOne then notifies the POA to restart with client/server processing enabled. 


For a sample message flow for this configuration, see “Message Delivery in the Local Post Office” 
in GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 


Corresponding Startup Switches 

You can also use the /port switch in the POA startup file to provide the client/server port number. 
On a server with multiple IP addresses, you can use the /ip switch to bind the POA to a specific 
address. 


POA Web Console 
You can view the TCP/IP address and port information for the POA on the Configuration page 
under the Client/Server Settings heading. 


36.2.2 Simplifying Client/Server Access with a GroupWise 
Name Server 
If GroupWise users are set up correctly in eDirectory, the GroupWise client can determine which 


post office to access for each user based on the information stored in eDirectory. This lets the 
Group Wise client start automatically in client/server mode without users needing to know and 
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provide any IP address information. However, some GroupWise users might be on platforms where 
eDirectory is not in use. To fill the same function for non-eDirectory users, you can set up a 
GroupWise name server. 


A GroupWise name server redirects each Group Wise client user to the IP address and port number 
of the POA that services the user’s post office. By setting up a GroupWise name server, non- 
eDirectory GroupWise client users do not need to know and provide any IP address information 
when they start the GroupWise client in client/server mode. The GroupWise name server takes care 
of this for them. 

+ “Required Hostnames” on page 489 

+ “Required Port Number” on page 489 

+ “How a Group Wise Name Server Helps the Group Wise Client Start” on page 489 

+ “Setting Up a Group Wise Name Server” on page 489 


Reguired Hostnames 


The primary Group Wise name server must be designated using the hostname ngwnameserver. You 
can also designate a backup Group Wise name server using the hostname ngwnameserver2. 


Reguired Port Number 


Each server designated as a Group Wise name server must have a POA running on it that uses the 
default port number of 1677. Other agents can run on the same server, but one POA must use the 
default port number of 1677 in order for the GroupWise name server to function. For setup 
instructions, see Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 486. 


How a GroupWise Name Server Helps the GroupWise Client Start 


After a server has been designated as ngwnameserver, and a POA using the default port number of 
1677 is running on that server, the GroupWise client can connect to the POA of the appropriate post 
office by contacting the POA located on ngwnameserver. If ngwnameserver is not available, the 
client next attempts to contact the backup name server, ngwnameserver2. If no GroupWise name 
server is available, the user must provide the IP address and port number of the appropriate POA in 
order to start the GroupWise client in client/server mode. 


Setting Up a GroupWise Name Server 


1 Make sure that TCP/IP is set up and functioning on your network. 

2 Know the IP address of the server you want to set up as a Group Wise name server. 
3 Make sure the POA on that server uses the default TCP port of 1677. 
4 


If you want a backup GroupWise name server, identify the IP address of a second server where 
the POA uses the default TCP port of 1677. 


5 Use your tool of choice for modifying DNS. 


NetWare: You can use INETCFG. 
Linux: You can use the YaST Control Center. 


Windows: You can use DNS Manager. 
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6 Create an entry for the IP address of the first POA and give it the hostname ngwnameserver. 


7 Ifyou want a backup name server, create an entry for the IP address of the second 
POA and give it the hostname ngwnameserver2. 


You must use the hostnames ngwnameserver and ngwnameserver2. Any other hostnames are 
not recognized as GroupWise name servers. 


8 Save your changes. 
As soon as the hostname information replicates throughout your system, GroupWise client users can 


start the GroupWise client in client/server mode without specifying a TCP/IP address and port 
number. 


36.2.3 Supporting IMAP Clients 


You can configure the POA so that IMAP (Internet Messaging Application Protocol) clients such as 
Netscape Mail, Eudora Pro, Microsoft Outlook, and Entourage* can connect to the post office much 
like the Group Wise client does. 





NOTE: IMAP clients connecting to your GroupWise system from outside your firewall must 
connect through the Internet Agent, as described in Section 46.3, “Configuring POP3/IMAP4 
Services,” on page 739, rather than through the POA. Connecting directly through the POA provides 
faster access for internal IMAP clients. 





1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 
NDS Rights v | Other | Rights to Files and Folders: | 


Message File Processing: All VT 
Message Handler Threads: 6 + 


IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [010 4 
Max Physical Connections: [1024 + 
Max App Connections: [ 2048 4 

IV Enable Caching 
CPU Utilization (NetWare): [85 $ percent 
Delay Time (NetWare): [100 4 milliseconds: 
Max Thread Usage for Priming and Moves: [30 4 percent 

T Enable IMAP 
Max IMAP Threads: [50 3 

I Enable SOAP 








Max SOAP Threads: 20 3 
T Disable Administration Task Processing 





IV Enable SNMP 





nan © he M DA vine 


Page Options... Cancel 








3 Select Enable IMAP. 


The default maximum number of IMAP threads is 40. This is adequate for most post offices, 
because each IMAP thread can service multiple IMAP clients. New threads are started 
automatically to service clients until the maximum number is reached. 


4 To secure IMAP connections to the post office, click GroupWise > Network Address, then 
select Required in the IMAP SSL drop-down list. 
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For additional instructions about using SSL connections, see Chapter 71, “Encryption and 
Certificates,” on page 1121. 


5 Click OK to save the IMAP settings and return to the main ConsoleOne window. 
ConsoleOne then notifies the POA to restart with IMAP enabled. 


Corresponding Startup Switches 
You can also use the /imap, /imapmaxthreads, /imapport, /imapssl, /imapsslport, and /imapreadlimit 
startup switches in the POA startup file to configure the POA to support IMAP clients. 


POA Web Console 
You can see whether IMAP is enabled on the Configuration page under the General Settings 
heading. 


36.2.4 Supporting SOAP Clients 


Simple Object Access Protocol (SOAP) is used by e-mail clients such as Evolution™ to access 
mailboxes. You can now configure the POA to communicate with SOAP-enabled e-mail clients as it 
has already been doing for IMAP e-mail clients. 


1 In ConsoleOne, browse to and select the POA object to configure, then click Properties. 


2 Click GroupWise > Agent Settings. 


Properties of POA 
DS Rights + | Other | Rights to Files and Folders | 


Message File Processing: lan +] 

Message Handler Threads: 6 4 
IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [ 10 4 
Max Physical Connections: [1024 4 
Max App Connections: [ 2048 4 
IV Enable Caching 
CPU Ltization (NetWare): [85 | percent 


Delay Time (NetWare): 100 4 miliseconds 


Max Thread Usage for Priming and Moves: 30 4 percent 
[ Enable IMAP 
Max IMAP Threads: 50 +] 





I” Enable SOAP 





Max SOAP Threads: 20 3 
T Disable Administration Task Processing 


IV Enable SNMP 





RIMM Ons «teg a Te 


Page Options... 








3 Fill in the following fields: 
Enable SOAP: Select Enable SOAP to turn on SOAP processing. 


Max SOAP Threads: Specify the maximum number of SOAP threads you want the POA to 
start. The default maximum number of SOAP threads is 20. You can set a lower SOAP thread 
maximum to conserve resources for other processes, but you cannot set the maximum above 
20. You might want to lower the maximum number of SOAP threads if SOAP processing is 
monopolizing system resources that you would prefer to have available for other processes. 
However, insufficient SOAP threads can cause slow response for SOAP client users. 


4 Click Apply to save the SOAP thread settings. 
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5 To secure SOAP connections to the post office, click GroupWise > Network Address, then 
select Enabled in the SSL drop-down list. 


The default SOAP port is 7191 and must be unique on the server. You can change the port 
number if necessary. 


For additional instructions about using SSL connections, see Chapter 71, “Encryption and 
Certificates,” on page 1121. 


6 Click OK. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


Users of Evolution 2.0 and later can find instructions for connecting to a GroupWise system in the 
Evolution online help. For more information about using Evolution to access a GroupWise mailbox, 
see “Evolution” in “Non-Group Wise Clients” in the GroupWise 7 Interoperability Guide. 


Corresponding Startup Switches 

You can also use the /soap, /soapmaxthreads, /soapport, /soapssl, and /soapthreads startup switches 
in the POA startup file to configure the POA to support SOAP clients. In addition, you can use the / 
evocontrol startup switch to configure the POA to allow only specified versions of Evolution to 
connect to the post office. 


POA Web Console 
You can see whether SOAP is enabled on the Configuration page under the General Settings 
heading. 


36.2.5 Supporting CAP Clients 


You can configure the POA so that CAP (Calendar Access Protocol) clients can connect to the post 
office much like the GroupWise client does. You can use the /cap, /capmaxthreads, /capport, and / 
capssl startup switches in the POA startup file to configure the POA to support CAP clients. 


POA Web Console 


You can see whether CAP is enabled on the Configuration page under the General Settings heading. 


36.2.6 Checking What GroupWise Clients Are in Use 


You can configure the POA to identify GroupWise client users who are running GroupWise clients 
that do not correspond to a specified release version and/or date. You can also force them to update 
to the specified version. 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 
2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 
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Properties of Development 


|| NDS Rights + | Other | Rights to Files and Folders | 


Lock Out Older GroupWWise Clients 
[7 Minimum Client Release Version (x.x.x): 














[ Minimum Client Release Date: 


[ Disable Logins 





[V Enable Intruder Detection 
Incorrect Logins Allowed: 3 4 (3-10) 


Incorrect Login Reset Time: 15 4 minutes (15-60) 





Lockout Reset Time: 15 3 minutes (15+) 





Page Options... Cancel | 





3 Specify the approved GroupWise release version, if any. 
Only 6.x and later versions of the client are supported for lockout. 
4 Specify the approved GroupWise release date, if any 


You can specify the minimum version, the minimum date, or both. If you specify both 
minimums, any user for which both minimums are not true is identified as running an older 
Group Wise client. 


5 Select Lock Out Older GroupWise Clients for the version and/or date if you want to force users 
to update in order to access their GroupWise mailboxes. 


If you lock out older clients, client users receive an error message and are unable to access their 
mailboxes until they upgrade their GroupWise client software to the minimum required version 
and/or date. 


6 Click OK to save the GroupWise version and/or date settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


Corresponding Startup Switches 

You can also use the /gwclientreleaseversion, /gwclientreleasedate, and /enforceclientversion 
startup switches in the POA startup file to configure the POA to check client version and/or date 
information. 


POA Web Console 

On the Status page of the POA Web console, click C/S Users to display the Current Users page, 
which lists all GroupWise users who are currently accessing the post office. Users who are running 
GroupWise clients older than the approved version and/or date are highlighted in red in the list. 
Users who are running newer versions are shown in blue. 


Historical Note: The capability of identifying client version and date information was first 
introduced in GroupWise 5.5 Enhancement Pack Support Pack 1. Any clients with versions and 
dates earlier than GroupWise 5.5 Enhancement Pack Support Pack | do not appear at all on the 
Current Users page of the POA Web console. 
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36.2.7 Supporting Forced Mailbox Caching 


GroupWise client users have the option to download their GroupWise mailboxes to their 
workstations so they can work without being continuously connected to the network. This is called 
Caching mode. For more information, see Section 64.1.2, “Caching Mode,” on page 1035. 


When client users change to Caching mode, the contents of their mailboxes must be copied to their 
hard drives. This process is called “priming” the mailbox. If users individually decide to use 
Caching mode, the POA easily handles the process. 


If you force all users in the post office to start using Caching mode, as described in Section , 
“Allowing or Forcing Use of Caching Mode,” on page 1036, multiple users might attempt to prime 
their mailboxes at the same time. This creates a load on the POA that can cause unacceptable 
response to other users. 


To configure the POA to handle multiple requests to prime mailboxes: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders | 








Message File Processing: Al x] 
Message Handler Threads: 6 + 
IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [10 + 
Max Physical Connections: [1024 4 
Max App Connections: [ 2048 4 
IV Enable Caching 
CPU Utilization (NetvVare): [85 {percent 

Delay Time (NetWare): [400 4 milliseconds. 


Max Thread Usage for Priming and Moves: 30 4 percent 


[ Enable IMAP 
Max IMAP Threads: 50 < 
1” Enable SOAP 

a 
Max SOAP Threads: 20 + 











[7 Disable Administration Task Processing 


IV Enable SNMP 








CRAN Oravat nites NO mt China 


Page Options... | Cancel | 








3 Set Max Thread Usage for Priming and Moves as needed. 


By default, the POA allocates only 30% of its TCP handler threads for priming mailboxes for 
users who are using Caching mode for the first time. In a default configuration, this would be 
only two threads. You might want to specify 60 or 80 so that 60% to 80% of POA threads are 
used for priming mailboxes. You might also want to increase the number of TCP handler 
threads the POA can start in order to handle the temporarily heavy load while users are priming 
their mailboxes. See Section 38.1.2, “Adjusting the Number of Connections for Client/Server 
Processing,” on page 549. 


4 Click OK to save the new setting. 


ConsoleOne then notifies the POA to restart so the new setting can be put into effect. 
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Corresponding Startup Switches 
You can also use the /primingmax switch in the POA startup file to configure the POA to handle 


multiple requests to prime mailboxes. 
POA Web Console 


You can change the POA’s ability to respond to caching requests for the current POA session on the 
Configuration page. Under the Client/Server Settings heading, click Max Thread Usage for Priming 
and Live Moves. To increase the number of client/server threads, click Client/Server Processing 
Threads under the Performance Settings heading. 


36.2.8 Restricting Message Size between Post Offices 


You can configure the POA to restrict the size of messages that users are permitted to send outside 
the post office. 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


KE GroupWise Link Configuration Tool - K:\gwsystem\provot 
File Edt Search View Window Help 


IL SES EE) Poo rmm 1 ST 

















r Undefined: 





p indirect 


*1 Provost (Prova2) 














2 Inthe drop-down list, select the domain where the post office resides, then click Post Office 
Links. 


KE GroupWise Link Configuration Tool - K:\gwsystem\provol 
File Edit Search View Window Help 
| 85 m| aja RI) root ormi a 


Post Office Links for Provat 
Post Office Links for Provot 











Post Office: Development OK 





Protocol: rcpap 


Fi 
Cancel 
+ 
IP Address: 
Client/Server Port: fi 677 
Maximum send message size: 0 3 MBytes 
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4 Inthe Maximum Send Message Size field, specify in megabytes the size of the largest message 
you want users to be able to send outside the post office, then click OK. 


5 To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 
ConsoleOne then notifies the POA to restart using the new maximum message size limit. 


If a user’s message is not sent out of the post office because of this restriction, the user receives an e- 
mail message with a subject line of: 


Delivery disallowed 


plus the subject of the original message. This message provides information to the user about why 
and where the message was disallowed. However, the message is still delivered to recipients in the 
sender’s own post office. 


There are additional ways to restrict the size of messages that users can send, as described in 
Section 12.3.4, “Restricting the Size of Messages That Users Can Send,” on page 185. 


Corresponding Startup Switches 
You can also use the /mtpsendmax startup switch in the POA startup file to restrict message size. 


POA Web Console 

You can view the maximum message size on the Configuration page. You can change the maximum 
message size for the current POA session using the Message Transfer Protocol link on the 
Configuration page. 


36.3 Configuring Post Office Security 


You can configure the POA in various ways to meet the security needs of the post office. 


+ Section 36.3.1, “Securing Client/Server Access through a Proxy Server,” on page 496 


+ Section 36.3.2, “Controlling Client Redirection Inside and Outside Your Firewall,” on 
page 498 


+ Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 498 
+ Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 501 

+ Section 36.3.5, “Enabling Intruder Detection,” on page 506 

+ Section 36.3.6, “Configuring Trusted Application Support,” on page 507 


36.3.1 Securing Client/Server Access through a Proxy Server 


If the server where the POA runs is behind your firewall, you can link it to a proxy server in order to 
provide client/server access to the post office for Group Wise client users who are outside the 
firewall. You could also use generic proxy, network address translation (NAT), and port address 
translation (PAT) to achieve the same results. 


If the POA is configured with both an internal IP address and a proxy (external) IP address, the POA 
returns both IP addresses to the GroupWise client when it attempts to log in. The client tries the 
internal address first, and if that does not succeed, it tries the proxy address, then it records which 
address succeeded. If the user moves from inside the firewall to outside the firewall, the client might 
fail to log in on the first attempt, but succeeds on the second attempt. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
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2 Click GroupWise > Network Address to display the POA Network Address page. 


Properties of POA 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders 
Network Address | 





TCPAP Address: ibd-nw provo novell.com 





Proxy Server Address: 





IPX/SPX Address: 


I” Bind Exclusively to TCPAP Address 


Port SSL SSL Port 


Message Transfer: 7101 4 Disabled x 
HTTP: 7181 $| [Disabled 7 


Local intranet CientiServer: | 1677 $| [Disabled =] 
Internet Proxy Client/Server: [ of [Disabled >| 
MAP: [ 143 $| isabiea =] [ 993 <] 
SOAP: [ 7191 $| [pisabted =] 











Page Options... ok | Cancel | Apny Help | 





3 Make sure the POA is already configured for client/server processing as explained in 
Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 486. 


4 Click the pencil icon for the Proxy Server Address field to display the Edit Network Address 
dialog box. 


KGB Edit Network Address 


TCPAP Address 


Cpadres: [ | |. | 


(° DNS Host Name: |ibd-nw provo.novell.cor| 
Cancel Help 





5 Select JP Address, then specify the external IP address, in dotted decimal format, of the server 
that GroupWise client users access from outside your firewall. 


Typically, this is the public IP address presented externally by your proxy server, generic proxy, 
NAT, or PAT. 


or 
Select DNS Host Name, then provide the DNS hostname of that server. 
6 Click OK. 


7 Ifyou want to use a different port number for the proxy server than you are using for client/ 
server access to the POA itself, provide the port number in the Internet Proxy Client/Server 
field. 


8 Click OK to save the proxy server network address and port and return to the main ConsoleOne 
window. 


ConsoleOne then notifies the POA to restart and begin communicating with the proxy server. 


POA Web Console 
You can list all POAs in your GroupWise system, along with their proxy server addresses. On the 
Configuration page, click IP Addresses Redirection Table under the General Settings heading. 
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36.3.2 Controlling Client Redirection Inside and Outside Your 
Firewall 


When a user tries to access his or her mailbox without providing the IP address of the POA for his or 
her post office, any POA or a GroupWise name server POA can redirect the request to the POA for 
the user’s post office. 


A POA that is configured with both an internal IP address and a proxy IP address automatically 
redirects internal users to internal IP addresses and external users to proxy IP addresses. However, if 
you want to control which users are redirected to which IP addresses based on other criteria than 
user location, you can configure a post office with one POA to always redirect users to internal IP 
addresses and a second POA to always redirect users to proxy IP addresses. Users are then 
redirected based on which POA IP address they provide in the GroupWise Startup dialog box when 
they start the GroupWise client to access their mailboxes. 


1 Configure the initial POA for the post office with the IP address that you want for internal 
users. For instructions, see Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 486. 

Do not fill in the Proxy Server Address field on the Network Address page of the POA object. 


2 Create a second POA object in the post office and give it a unique name, such as POA_ PRX. 
For instructions, see Section 36.1.1, “Creating a POA Object in eDirectory,” on page 476. 


3 Configure this second POA with a proxy IP address. For instructions, see Section 36.3.1, 
“Securing Client/Server Access through a Proxy Server,” on page 496. 


Do not fill in the TCP/IP Address field on the Network Address page of the POA object. 
4 Create a startup file for the new instance of the POA. 
4a Use the /name switch to specify the name of the POA object that you created in Step 2. 


4b Use the /ip switch to specify the IP address of the server where this instance of the POA 
runs. 


4c Use the /port switch to specify the client/server port that this instance of the POA listens 
on. 


This information needs to be specified in the POA startup file because this information is 
not specified in ConsoleOne for this instance of the POA. 


5 Start the new instance of the POA. 


6 Give users that you want to be redirected to internal IP addresses the IP address you used in 
Step 1. 


7 Give users that you want to be redirected to proxy IP addresses the IP address you used in 
Step 3. 


36.3.3 Securing the Post Office with SSL Connections to the 
POA 

Secure Sockets Layer (SSL) ensures secure communication between the POA and other programs 
by encrypting the complete communication flow between the programs. For background 


information about SSL and how to set it up on your system, see Chapter 71, “Encryption and 
Certificates,” on page 1121. 


To configure the POA to use SSL: 
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1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders: 
Network Address 





TCPAP Address: ibd-nw provo.novell.com 





Proxy Server Address: 








IPX/SPX Address: 
I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
Message Transfer: 7101 | [Disabled [= | 








HTTP: 7181 $| [Disabled =] 





Local Intranet Client/Server: 1677 + Disabled | 





Internet Proxy Client/Server: 0 4 Disabled x | 





IMAP: 143 $| [Disabled x | 

















SOAP: 7191 $| [Disabled ~ | 


Page Options... OK | Cancel | Apply | Help | 








3 To use SSL connections between the POA and Group Wise clients located inside your firewall, 
select Enabled in the Local Intranet Client/Server SSL drop-down list to let the Group Wise 
client determine whether an SSL connection or non-SSL connection is used. (Non-SSL 
connections are still protected by native Group Wise encryption.) 


or 


For optimum security, select Required in the Local Intranet Client/Server SSL drop-down list if 
you want the POA to force SSL connections, so that non-SSL connections are denied. 





IMPORTANT: Clients older than GroupWise 6.5 cannot connect to the POA if SSL is 
required. 





4 To use SSL connections between the POA and GroupWise clients located outside your firewall 
(for example, across the Internet), select Enabled in the Internet Client/Server SSL drop-down 
list to let the Group Wise client determine whether an SSL connection or non-SSL connection is 
used. (Non-SSL connections are still protected by native GroupWise encryption.) 


or 


For optimum security, select Required in the Internet Client/Server SSL drop-down list if you 
want the POA to force SSL connections, so that non-SSL connections are denied. 





IMPORTANT: Clients older than GroupWise 6.5 cannot connect to the POA if SSL is 
required. 





5 To use SSL connections between the POA and IMAP clients, select Enabled in the IMAP SSL 
drop-down list to let the IMAP client determine whether an SSL connection or non-SSL 
connection is used. 


or 


For optimum security, select Required in the IMAP SSL drop-down list if you want the POA to 
force SSL connections, so that non-SSL connections from IMAP clients are denied. 
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6 To use SSL connections between the POA and SOAP clients, select Enabled in the SOAP SSL 
drop-down list to let the SOAP client determine whether an SSL connection or non-SSL 
connection is used. 


7 To use SSL connections between the POA and its MTA, select Enabled in the Message 
Transfer SSL drop-down list. 


The POA must use a TCP/IP link with the MTA in order to enable SSL for the connection. See 
“Using TCP/IP Links between the Post Office and the Domain” on page 481. 


The MTA must also have SSL enabled for the connection to be secure. See Section 41.2.3, 
“Securing the Domain with SSL Connections to the MTA,” on page 629. If the MTA does not 
have SSL enabled, the POA falls back to native GroupWise encryption. 


8 To use SSL connections between the POA and the POA Web console displayed in your Web 
browser, select Enabled in the HTTP SSL drop-down list. 


To set up the POA Web console, see Section 37.2.1, “Setting Up the POA Web Console,” on 
page 531. 


9 Click Apply to save the settings on the Network Address page. 
10 Click GroupWise > SSL Settings to display the SSL Settings page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders | 





Certificate file: 








SSL key file: 


Set Password 





Page Options... | Cancel | 





For background information about certificate files and SSL key files, see Chapter 71, 
“Encryption and Certificates,” on page 1121. 


By default, the POA looks for the certificate file and SSL key file in the same directory where 
the POA executable is located, unless you provide a full pathname. 


11 In the Certificate File field, browse to and select the public certificate file provided to you by 
your CA. 


12 Inthe SSL Key File field: 
12a Browse to and select your private key file. 
12b Click Set Password. 
12c Provide the password that was used to encrypt the private key file when it was created. 
12d Click Set Password. 
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13 Click OK to save the SSL settings. 
ConsoleOne then notifies the POA to restart and access the certificate and key files. 


Corresponding Startup Switches 
You can also use the /certfile, /keyfile, /keypassword, /httpssl, /mtpssl, /imapssl, and /imapsslport 
switches in the POA startup file to configure the POA to use SSL. 


POA Web Console 

You can view SSL information for the POA on the Status and Configuration pages. In addition, 
when you list the client/server users that are accessing the post office, SSL information is displayed 
for each user. 


36.3.4 Providing LDAP Authentication for GroupWise Users 


By default, GroupWise client users’ passwords are stored in GroupWise user databases, and the 
POA authenticates users to their GroupWise mailboxes by using those Group Wise passwords. For 
background information about passwords, see Chapter 70, “Group Wise Passwords,” on page 1115. 


By enabling LDAP authentication for the POA, users’ password information can be retrieved from 
any network directory that supports LDAP, including eDirectory. For background information about 
LDAP, see Section 72.3, “Authenticating to GroupWise with Passwords Stored in an LDAP 
Directory,” on page 1131. 


When you enable LDAP authentication, it is important to provide fast, reliable access to the LDAP 
directory because Group Wise client users cannot access their mailboxes until they have been 
authenticated. The following sections provide instructions for configuring the POA to make the 
most efficient use of the LDAP servers available on your system: 

+ “Providing LDAP Server Configuration Information” on page 501 

+ “Enabling LDAP Authentication for a Post Office” on page 503 

+ “Configuring a Pool of LDAP Servers” on page 504 


+ “Specifying Failover LDAP Servers (Non-SSL Only)” on page 505 


NOTE: If multiple eDirectory trees are involved, refer to TID 10067272 in the Novell Support 
Knowledgebase (http://www.novell.com/support) for additional instructions. 





Providing LDAP Server Configuration Information 


Information about your available LDAP servers must be provided in ConsoleOne before you can 
enable LDAP authentication for users. 


1 In ConsoleOne, click Tools > GroupWise System Operations > LDAP Servers to display the 
Configure LDAP Servers dialog box. 
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Configure LDAP Servers 


LDAP Servers: 











Name: 





Description: 


I Use SSL 





LDAP Server Address: 2] 


LDAP Port: 389 | 


User Authentication Method: [Bind m 
Select Post Offices 


La] Cancel Help 








3 Inthe Name field, type the name by which you want the LDAP server to be known in your 
Group Wise system. 


4 Inthe Description field, provide additional information about the LDAP server as needed. 


5 Ifthe LDAP server requires an SSL connection, select Use SSL, then browse to and select the 
trusted root certificate of the LDAP server. 


If you do not specify a full path, the POA looks in the following locations for the trusted root 
certificate: 


NetWare: POA installation directory 
Linux: /opt/novell/groupwise/agents/lib/nidap 


Windows: POA installation directory 


For more information about the trusted root certificate, see Section 71.3, “Trusted Root 
Certificates and LDAP Authentication,” on page 1129. 


6 Click the pencil icon for the LDAP Server Address field. 


Edit LDAP Server Address 


TCPAP Address 





(7 IP Address: FI 





{C DNS Host Name: | 





7 Select JP Address, then specify the IP address, in dotted decimal format, of the LDAP server. 


or 
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Select DNS Host Name, then provide the DNS hostname of the LDAP server. 
The default LDAP port is 389 for non-SSL connections and 636 for SSL connections. 
8 Ifthe default port number is already in use, specify a unique LDAP port number. 
9 Click OK to save the LDAP server address and port information. 
10 Inthe User Authentication Method field, select Bind or Compare. 


For a comparison of these methods, see Section 72.3, “Authenticating to GroupWise with 
Passwords Stored in an LDAP Directory,” on page 1131. 


11 Click OK to save the configuration information for the LDAP server. 


12 Repeat Step 2 through Step 11 for each LDAP server that you want to make available to 
Group Wise for LDAP authentication. 


Providing configuration information for multiple LDAP servers creates a pool of LDAP 
servers, which provides fault tolerance and load balancing to ensure fast, reliable mailbox 
access for GroupWise users. 


13 Continue with Section , “Enabling LDAP Authentication for a Post Office,” on page 503 


Corresponding Startup Switches 
You can also use the /Idapipaddr, /Idapport, /Idapuserauthmethod, /Idapssl, and /Idapsslkey startup 
switches in the POA startup file to provide the LDAP server information. 


Enabling LDAP Authentication for a Post Office 
To configure the POA to perform LDAP authentication for the users in a post office: 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 
2 Click GroupWise > Security to display the Security page. 


Properties of Legal 


GroupWise v | NDS Rights + | Other | Rights to Files and Folders | 
Security 


Security Level: 
C Low 
© High 
High Security Options 





LDAP Server 





LDAP User Name: 


LDAP Password: Set Password 


I Disable LDAP Password Changing 


Inactive Connection Timeout: 30 E seconds 


LDAP Pool Server Reset Timeout: 5 = minutes 





LDAP Server Quarantine Threshold: 2 (sei 


Select Servers 





Page Options... Cancel Apply 








3 For Security Level, select High. 
4 Inthe High Security Options box, select LDAP Authentication. 


5 If you want the POA to access the LDAP server with specific rights to the LDAP directory, 
specify a username that has those rights. 
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If you are using a Novell LDAP server, you can browse for an eDirectory User object. The 
information returned from eDirectory uses the following format: 


cn=username,ou=orgunit,o=organization 


If you are using another LDAP server, you must type the information in the format used by that 
LDAP server. 


If the LDAP username for the POA requires a password, click Set Password, type the password 
twice for verification, then click Set Password. 


For more information about LDAP usernames, see Section 72.3, “Authenticating to GroupWise 
with Passwords Stored in an LDAP Directory,” on page 1131. 


6 If you want to prevent GroupWise users from changing their LDAP passwords by using the 
Password dialog box in the GroupWise client, select Disable LDAP Password Changing. 


This option is deselected by default, so that if users change their passwords in the GroupWise 
client through the Security Options dialog box (Group Wise Windows client > Tools > Options 
> Security) or on the Passwords page (Group Wise WebAccess client > Options > Password), 
their LDAP passwords are changed to match the new passwords provided in the Group Wise 
client. 


7 Ifthe LDAP server is configured for bind connections, as described in “Providing LDAP 


Server Configuration Information” on page 501, specify the number of seconds the POA 
should maintain an inactive connection to the LDAP server. 


The default is 30 seconds. 


8 Ifyou have only one LDAP server, click OK to save the security settings for the post office. 
You have provided all the necessary information to provide LDAP authentication for users in 
the post office. 


or 


If you have multiple LDAP servers and want to configure them into an LDAP server pool, click 
Apply, then continue with “Configuring a Pool of LDAP Servers” on page 504. 


or 


If you have multiple LDAP servers and want to configure them for failover, click OK to save 
the security settings for the post office, then continue with “Specifying Failover LDAP Servers 
(Non-SSL Only)” on page 505. 


Corresponding Startup Switches 

You can also use the /Idapuser, /Idappwd, /Idapdisablepwdchg, and /Idaptimeout startup switches in 
the POA startup file to configure POA access to the LDAP server. By default, the POA looks up 
users’ distinguished names in eDirectory. On NetWare, you can use the /noldapx startup switch to 
have the POA look up users by their e-mail addresses instead of by their distinguished names. 


POA Web Console 

You can see if LDAP is enabled on the Configuration page. Under the General Settings heading, 
click LDAP Authentication to view LDAP settings and change some of them for the current POA 
session. 


Configuring a Pool of LDAP Servers 


You can configure the POA to contact a different LDAP server each time it needs to access the 
LDAP directory. This provides load balancing and fault tolerance because each LDAP server in the 
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pool is contacted equally often by the POA. The LDAP server pool can include as many as five 
servers. 


1 





Make sure you have enabled LDAP Authentication as described in “Enabling LDAP 
Authentication for a Post Office” on page 503. 


In the LDAP Pool Server Reset Timeout field, specify the number of minutes the POA should 
wait before trying to contact an LDAP server in the pool that failed to respond to the previous 
contact. 


The default is 5 minutes. 


Click Select Servers to define the specific pool of LDAP servers that you want to be available 
to users in this post office for LDAP authentication. 


Gg Select LDAP Servers 


Selected Servers Available Servers 
Linux LDAP Server 
NetWare LDAP Server 


4 indows LDAP Server 








E 


Close Help 


Select one or more LDAP servers in the Available Servers list, then click the arrow button to 
move them into the Selected Servers list. 


Click OK to save the list of LDAP servers. 
Click OK to save the security settings for the post office. 
ConsoleOne then notifies the POA to restart so the new LDAP settings can be put into effect. 


Corresponding Startup Switches 

You can also use the /ldapippooln and /Idappoolresettime startup switches in the POA startup file to 
configure the LDAP server pool and the timeout interval. If you choose to configure the LDAP 
server pool in the startup file rather than in ConsoleOne, additional switches must be provided to 
complete the configuration (/Idapportpooln, /Idapsslpooln, and /Idapssikeypooln). Configuring the 
pool in ConsoleOne is the recommended approach. 


If you previously set up LDAP authentication on the post office Security page in ConsoleOne and 
then you add the pooling startup switches to the POA startup file, the pooling switches override any 
LDAP information provided in ConsoleOne. 


Specifying Failover LDAP Servers (Non-SSL Only) 


If the POA does not need to use an SSL connection to your LDAP servers, you can use the / 
Idapipaddr switch to list multiple LDAP servers. Then, if the primary LDAP server fails to respond, 
the POA tries the next LDAP server in the list, and so on until it is able to access the LDAP 
directory. This provides failover LDAP servers for the primary LDAP server but does not provide 
load balancing, because the primary LDAP server is always contacted first. 


1 Make sure you have provided the basic LDAP information on the post office Security page in 


ConsoleOne, as described in “Enabling LDAP Authentication for a Post Office” on page 503. 


2 Edit the POA startup file (post office.poa) with an ASCII text editor. 
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For more information about the POA startup file, see Chapter 39, “Using POA Startup 


Switches,” on page 565. 


3 Use the /Idapipaddr startup switch to list addresses for multiple LDAP servers. Use a space 


between addresses. 


For example: 


fdapipaddr-172.16.5.18 172.16.15.19 172.16.5.20 





IMPORTANT: Do not include any LDAP servers that require an SSL connection. There is 
currently no way to specify multiple SSL key files unless you are using pooled LDAP servers, 
as described in “Configuring a Pool of LDAP Servers” on page 504. 





4 Save the POA startup file, then exit the text editor. 
5 Stop the POA, then start the POA so that it reads the updated startup file. 


36.3.5 Enabling Intruder Detection 


You can configure the POA to detect system break-in attempts in the form of repeated unsuccessful 
logins. This feature can be especially helpful when allowing Remote client users to establish client/ 
server connections to MTAs in your system. See Section 41.2.2, “Enabling Live Remote,” on 


page 629. 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 
2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


Properties of Development 


NDS Rights + | Other | Rights to Files and Folders 


Lock Out Older GroupWise Clients 





[ Minimum Client Release Date: 


[ Disable Logins 
[V Enable Intruder Detection 





Incorrect Logins Allowed: 
Incorrect Login Reset Time: 


Lockout Reset Time: 


Page Options... 


F Minimum Client Release Version (x.x.x): 








3 e419 


15 5 minutes (15-60) 








15 E minutes (15+) 


Cancel Apply 





3 Select Enable Intruder Detection. 


4 Specify how many unsuccessful login attempts are allowed before the user is locked out. 


The default is 5: valid values range from 3 to 10. 


5 Specify in minutes how long unsuccessful login attempts are counted. 


The default is 15; valid values range from 15 to 60. 


6 Specify in minutes how long the user login is disabled. 
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The default is 30; the minimum setting is 15. 
7 Click OK to save the intruder detection settings. 
ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 
If a user gets locked out by intruder detection, his or her GroupWise account is disabled. To restore 
access for the user in ConsoleOne, right-click the User object, click GroupWise > Account, then 


deselect Disable Logins. At restore access for the user at the POA Web console, click Configuration 
> Intruder Detection, then clear the lockout. 


Corresponding Startup Switches 

You can also use the /intruderlockout, /incorrectloginattempts, /attemptsresetinterval, and / 
lockoutresetinterval startup switches in the POA startup file to configure the POA for intruder 
detection. 


POA Web Console 
You can view current intruder detection settings on the Configuration page and change them using 
the Intruder Detection link. 


36.3.6 Configuring Trusted Application Support 


For background information about setting up trusted applications in ConsoleOne, see Section 4.12, 
“Trusted Applications,” on page 69. 


36.4 Configuring Post Office Maintenance 


You can configure the POA to manage databases and disk space in the post office on a regular basis: 


+ Section 36.4.1, “Scheduling Database Maintenance,” on page 507 
+ Section 36.4.2, “Scheduling Disk Space Management,” on page 510 
+ Section 36.4.3, “Performing Nightly User Upkeep,” on page 513 


36.4.1 Scheduling Database Maintenance 


By default, the POA performs one recurring database maintenance event. At 12:00 a.m. each Friday, 
the POA performs a structural check of all user, message, and document databases in the post office. 
You can modify this default database maintenance event, or create additional database maintenance 
events for the POA to perform on a regular basis. 

1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 


2 Click GroupWise > Scheduled Events to display the Scheduled Events page. 
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Properties of POA 


GroupWise v | NDS Rights v | Other | Rights to Files and Folders | 
Scheduled Events 


Scheduled events used by this agent: 
Default POA Disk Check Event 
IV Default POA Mailbox/Library Maintenance Event 








Page Options... Cancel | Apply | Help | 





The Scheduled Events page lists a pool of POA events available to all POAs in your 
GroupWise system. 


To modify the default database maintenance event, which affects all POAs that have this 
database maintenance event enabled, select Default POA Mailbox/Library Maintenance Event, 
then click Edit. 


or 


To create a new database maintenance event, which is added to the pool of POA events that can 
be enabled for any POA in your GroupWise system, click Create, then type a name for the new 
database maintenance event. Select Mailbox/Library Maintenance in the Type field. 





NOTE: If the Create button is dimmed and you have a View button rather than an Edit button, 
you are connected to a secondary domain in a GroupWise system where Restrict System 
Operations to Primary Domain has been selected under System Preferences. For more 
information, see Section 4.2, “System Preferences,” on page 53. 





Edit Scheduled Event 





Name: Default POA Mailbox/Library Maintenance Event 








Event Type: Mailbox/Library Maintenance 


Trigger 


C Weekday 





© Daily 12:00 AM 
© Interval 


Actions 





FF Default POA Mailbox/Library Maintenance Actions 


Cancel Help 
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4 In the Trigger box, specify when you want the database maintenance event to take place. 


You can have the database maintenance event take place once a week, once a day, or at any 


other regular interval, at whatever time you choose. 


Below the Trigger box is listed the pool of POA database maintenance actions that are 
available for inclusion in all POA database maintenance events in your GroupWise system. 


5 To modify the default database maintenance action, select Default POA Mailbox/Library 


Maintenance Actions, then click Edit. 


or 


To create a new database maintenance action, click Create, then type a name for the new 


database maintenance action. 


Database maintenance actions and options you can schedule include: 


Actions 
Analyze/Fix Databases 


Structure 

Index check 

Contents 

Collect statistics 

Fix problems 

Reset user disk space totals 


Analyze/Fix Library 


Verify library 

Fix document/version/element 
Verify document files 

Validate security 

Synchronize username 
Reassign orphaned documents 
Reset word lists 


Options on Actions 
Databases 


User 
Message 
Document 


Logging 


Log file 
Verbose log level 


Results mailed to 


Administrator 
Individual users 


Exclude 
Selected users 
Notification 


Action status 


For more detailed descriptions of the above actions, click Help in the Scheduled Event Actions 
dialog box. See also Chapter 27, “Maintaining User/Resource and Message Databases,” on 
page 385 and Chapter 28, “Maintaining Library Databases and Documents,” on page 391. 


6 Select and configure the database maintenance action to perform for the database maintenance 


event. 


7 Click OK three times to close the various scheduled event dialog boxes and save the modified 


database maintenance event. 


ConsoleOne then notifies the POA to restart so the new or modified database maintenance 


event can be put into effect. 


POA Web Console 


You can see what database maintenance events the POA is scheduled to perform at the bottom of the 


Configuration page. 
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36.4.2 Scheduling Disk Space Management 


By default, the POA performs one recurring disk space management event. Every 5 minutes, the 
POA checks to make sure there is at least 100 MB of free disk space in the post office directory. If 
there is ever less than 100 MB of free disk space, the POA performs a Reduce operation on the user 
and message databases in the post office. You can modify this default disk space management event, 
or create additional disk space management events for the POA to perform on a regular basis. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Maintenance to display the POA Maintenance page. 


[V Enable Automatic Database Recovery 


Maintenance Handler Threads: 





[V Perform User Upkeep 
Start User Upkeep: hours after midnight 
IV Generate Address Book for Remote 
Start Address Book Generation: hours after midnight 


Disk Check Interval: minutes 








Disk Check Delay: hours 





Page Options... | Cancel | 





3 To change the interval at which the selected POA checks for free disk space in its post office, 
adjust the number of minutes in the Disk Check Interval field as needed. 


The default is 5 minutes, which could be much too frequent if plenty of disk space is readily 
available. 


When a disk space problem is encountered, the time interval no longer applies until after the 
situation has been corrected. Instead, the POA continually checks available disk space to 
determine if it can restart message threads that have been suspended because of the low disk 
space condition. 


4 To change the amount of time the POA allows to pass before notifying the administrator again 
of an already reported problem condition, adjust the number of hours in the Disk Check Delay 
field as needed. 


The default is 2 hours. 
5 Client Apply to save the maintenance settings. 
6 Click GroupWise > Scheduled Events to display the Scheduled Events page. 


510 GroupWise 7 Administration Guide 


Properties of POA 


GroupWise v | NDS Rights v | Other | Rights to Files and Folders 
Scheduled Events 


Scheduled events used by this agent: 
Default POA Disk Check Event 
IV Default POA Mailbox/Library Maintenance Event 











Page Options... Cancel | Apply | Help | 





The Scheduled Events page lists a pool of POA events available to all POAs in your 
Group Wise system. 


7 To modify the default disk space management event, which affects all POAs that have this disk 
space management event enabled, select Default POA Disk Check Event, then click Edit. 


or 


To create a new disk space management event, which is added to the pool of POA events that 
can be enabled for any POA in your GroupWise system, click Create, then type a name for the 
new disk space management event. Select Disk Check in the Type field. 


NOTE: If the Create button is dimmed and you have a View button rather than an Edit button, 
you are connected to a secondary domain in a GroupWise system where Restrict System 
Operations to Primary Domain has been selected under System Preferences. For more 
information, see Section 4.2, “System Preferences,” on page 53. 





Edit Scheduled Event 


Name: 





Event Type: [Disk Check 
Trigger 


C Percent Trigger actions at: 





C MB Stop mail processing at: 


Actions 





Default POA Disk Check Actions 
T Low Disk Space Actions 


Cancel Help 





8 Inthe Trigger box, select Percent or MB to determine whether you want the amount of 
available disk space measured by percentage or by megabytes. 
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In the Trigger Actions At field, specify the minimum amount of available disk space you want 
to have in the post office. When the minimum amount is reached, the Disk Check actions are 
triggered 


In the Stop Mail Processing At field, specify the minimum amount of available disk space at 
which you want the POA to stop receiving and processing messages. 


Below the Trigger box is listed the pool of disk space management actions that are available for 
inclusion in all POA disk space management events in your GroupWise system. 


To modify the action that the default disk space management event includes, select Default 
POA Disk Check Actions, then click Edit. 


or 


To create a new disk space management action, click Create, then type a name for the new disk 
space management action. 


Disk space management actions and options you can schedule include: 


Actions 


Reduce/Expire Messages 


Reduce only 
Expire and reduce 
- Items older than 


- Downloaded items older than 


- Items larger than 
- Trash older than 
- Reduce mailbox to 


- Reduce mailbox to limited size 


Include 

- Received items 

- Sent items 

- Calendar items 

- Only backed-up items 


Archive/Delete Documents 


Delete Activity Logs 


Options on Actions 


Databases 


User 
Message 
Document 


Logging 


Log file 
Verbose log level 


Results 


Administrator 
Individual users 


Misc 
Support options 
Exclude 


Selected users 


For more detailed descriptions of the above actions, click Help in the Scheduled Event Actions 
dialog box. See also Chapter 30, “Managing Database Disk Space,” on page 399. 


12 Select and configure the disk space management action to perform. 


13 Click OK twice to close the scheduled event dialog boxes and save the modified disk space 


management event. 


ConsoleOne then notifies the POA to restart so the new or modified disk space management 


event can be put into effect. 


You might want to create several disk space management events with different triggers and actions. 
For example, at 250 MB, you could mail a warning to the administrator; at 200 MB, you could have 
the POA perform a Reduce Only; at 150 MB, you could have the POA perform an Expire and 


Reduce. 
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For some specific suggestions on implementing disk space management, see Section 12.3, 
“Managing Disk Space Usage in the Post Office,” on page 182. 


POA Web Console 
You can view the currently scheduled disk check events on the Scheduled Events page. 


36.4.3 Performing Nightly User Upkeep 


To keep GroupWise users’ mailboxes and calendars up to date, the following activities must be 
performed each day: 

+ Delete expired items from users’ mailboxes 

+ Empty expired items from the Trash 

+ Synchronize each user’s Frequent Contacts Address Book with the GroupWise Address Book 


+ Synchronize user addresses in personal groups with the GroupWise Address Book, in case 
users have been moved, renamed, or deleted 


+ Advance uncompleted tasks to the next day 
The first two activities used to be performed by the GroupWise client, but to minimize user wait 
time, the client no longer deletes expired items. You can configure the POA to take care of these user 
upkeep activities once a day, at a convenient time. 

1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 

2 Click GroupWise > Maintenance to display the POA Maintenance page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders | 


[V Enable Automatic Database Recovery 


Maintenance Handler Threads: 4 + 





[V Perform User Upkeep 


4» 


Start User Upkeep: 1 hours after midnight 
IV Generate Address Book for Remote 


Start Address Book Generation: 


o 


en 
al» al al» 


hours after midnight 


Disk Check Interval: minutes 








Disk Check Delay: 


nN 


hours 


Page Options... Cancel 








3 Select Perform User Upkeep. 


4 Inthe Start User Upkeep field, specify the number of hours after midnight for the POA to start 
performing user upkeep. 


The default is 1 hour. 


5 If you have Remote or Caching users, select Generate Address Book for Remote. 
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6 Specify the number of hours after midnight for the POA to generate the daily copy of the 
system Address Book for Remote and Caching users. 


The default is 0 hours (that is, at midnight). 
If you want to generate the system Address Book for download more often than once a day, you 
can delete the existing worof50 . db file from the \wpcsout\ofs subdirectory of the post 
office. A new downloadable system Address Book will be automatically generated for users in 
the post office. 
In addition to this feature, starting in GroupWise 7, the POA automatically tracks changes to 
the GroupWise Address Book and provides automatic synchronization, as described in 
Section 6.5, “Controlling Address Book Synchronization for Remote Client Users,” on 
page 91. 

7 Click OK to save the new nightly user maintenance settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 
Corresponding Startup Switches 
You can also configure nightly user upkeep using startup switches in the POA startup file. By 


default, nightly user upkeep is enabled. Use the /nuuoffset and /rdaboffset switches to specify the 
start times. 


POA Web Console 
You can view the current user upkeep schedule on the Scheduled Events page. 
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Monitoring the POA 


By monitoring the POA, you can determine whether or not its current configuration is meeting the 
needs of the post office it services. You have a variety of tools to help you monitor the operation of 


the POA: 
+ Section 37.1, “Using the POA Server Console,” on page 515 
+ Section 37.2, “Using the POA Web Console,” on page 530 
+ Section 37.3, “Using POA Log Files,” on page 538 
+ Section 37.4, “Using GroupWise Monitor,” on page 539 
+ Section 37.5, “Using Novell Remote Manager,” on page 540 
+ Section 37.6, “Using an SNMP Management Console,” on page 540 
+ Section 37.7, “Notifying the GroupWise Administrator,” on page 544 





+ Section 37.8, “Using the POA Error Message Documentation,” on page 545 
+ Section 37.9, “Employing POA Troubleshooting Techniques,” on page 545 
+ Section 37.10, “Using Platform-Specific POA Monitoring Tools,” on page 546 


37.1 Using the POA Server Console 


The following topics help you monitor and control the POA from the POA server console: 


+ Section 37.1.1, “Monitoring the POA from the POA Server Console,” on page 515 
+ Section 37.1.2, “Controlling the POA from the POA Server Console,” on page 520 


37.1.1 Monitoring the POA from the POA Server Console 


The POA server console provides information, status, and message statistics about the POA to help 
you assess its current functioning. 


Figure 37-1 POA Server Console 
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NetWare The POA server console always displays on the NetWare® server console. 


Linux: You must use the --show startup switch in order to display the Linux POA server console. 
See “Starting the Linux Agents with a User Interface” in “Installing GroupWise Agents” in 
the GroupWise 7 Installation Guide. 


Windows: You can suppress the Windows POA server console by running the POA as a service. See 
“Starting the Windows GroupWise Agents” in “Installing GroupWise Agents” in the 
GroupWise 7 Installation Guide. 


The POA server console consists of several components: 


+ “POA Information Box” on page 516 

+ “POA Status Box” on page 517 

+ “POA Statistics Box” on page 518 

+ “POA Log Message Box” on page 518 

+ “POA Admin Thread Status Box” on page 519 


Do not exit the POA server console unless you want to stop the POA. 


NetWare: At a NetWare server console, you can use Alt+Esc to change screens. In a remote 
console window, you can use Alt+F1 to select a screen to view. You can use these 
keystrokes to display the POA server console if it is not immediately visible on the 
NetWare console. 


Linux: You can minimize the POA server console, but do not close it unless you want to stop the 
POA. 

Windows: You can minimize the POA server console, but do not close it unless you want to stop the 
POA. 


POA Information Box 


The POA Information box identifies the POA whose POA server console you are viewing, which is 
especially helpful when multiple POAs are running on the same server. 


PostOffice.Domain: Displays the name of the post office serviced by this POA, and what domain it 
is linked to. 


Description: Displays the description provided in the Description field in the POA Identification 
page in ConsoleOne. When you run multiple POAs on the same server, the description should 
uniquely identify each one. If multiple administrators work at the server where the POA runs, the 
description could include a note about who to contact before stopping the POA. 


Up Time: Displays the length of time the POA has been running. 


POA Web Console 
The Status page also displays this information. 
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POA Status Box 


The POA Status box displays the current status of the POA and its backlog. The information 
displayed varies depending on whether the POA is processing client/server connections, message 
files, both, or neither. 


Processing: Displays a rotating bar when the POA is running. If the bar is not rotating, the POA has 
stopped. For assistance, see “Post Office Agent Problems” in GroupWise 7 Troubleshooting 2: 
Solutions to Common Problems. 


Busy: Displays the number of POA threads currently in use (busy) for client/server connections, 
message files, or both, depending on POA configuration. In a typical POA configuration, the 
number to the left of the colon is the number of busy client/server threads and the number to the 
right of the colon is the number of busy message handler threads. You can change the total number 
of threads available. See Section 38.1.2, “Adjusting the Number of Connections for Client/Server 
Processing,” on page 549 and Section 38.2.1, “Adjusting the Number of POA Threads for Message 
File Processing,” on page 552. 


User Connections (for client/server processing): Displays the number of active application 
(“virtual”) TCP/IP connections between the POA and the GroupWise® clients run by GroupWise 
users. You can change the maximum number of user connections. See Section 38.1.2, “Adjusting the 
Number of Connections for Client/Server Processing,” on page 549. 


Physical Connections (for client/server processing): Displays the number of active physical 
TCP/IP connections between the post office and the GroupWise clients run by GroupWise users. 
You can change the maximum number of physical connections. See Section 38.1.2, “Adjusting the 
Number of Connections for Client/Server Processing,” on page 549. 


Priority Queues (for message file processing): Displays the number of messages waiting in the 
high priority message queues. You can control the number of threads processing message files. See 
Section 38.2.1, “Adjusting the Number of POA Threads for Message File Processing,” on page 552. 


Normal Queues (for message file processing): Displays the number of messages waiting in the 
normal priority message queues. You can control the number of threads processing message files. 
See Section 38.2.1, “Adjusting the Number of POA Threads for Message File Processing,” on 
page 552. 


File Queues (for message file processing): Displays the total number of messages waiting in all 
message queues, when client/server information and message file information are displayed 
together. 


The number of messages displayed as waiting in message queues is not an exact count. For example, 
if the POA detects numerous messages to process in the priority 4 queue (normal messages), it does 
not scan and count messages in lower priority queues. Therefore, actual counts of message files 
waiting in queues could be higher than the counts displayed in the Status box. 


For information about the various message queues in the post office, see “Post Office Directory” in 
GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 


POA Web Console 
The Status page also displays the status information listed above. In addition, you can display 
detailed information about specific queue contents. 
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POA Statistics Box 


The POA Statistics box displays statistics showing the current workload of the POA. The 
information displayed varies depending on whether the POA is processing client/server connections, 
message files, both, or neither. 


C/S Requests (for client/server processing): Displays the number of active client/server requests 
between GroupWise clients and the POA. 


Requests Pending (for client/server processing): Displays the number of client/server requests 
from GroupWise clients the POA has not yet been able to respond to. If the number is large, see 
“POA Statistics Box Shows Requests Pending” in “Post Office Agent Problems” in GroupWise 7 
Troubleshooting 2: Solutions to Common Problems. 


Users Timed Out (for client/server processing): Displays the number of GroupWise clients no 
longer communicating with the POA. If the number is large, see “POA Statistics Box Shows Users 
Timed Out” in “Post Office Agent Problems” in GroupWise 7 Troubleshooting 3: Message Flow and 
Directory Structure. 


Message Files (for message file processing): Displays the total number of messages processed by 
the POA. This includes user messages, status messages, and service requests processed by the POA. 


Undeliverable (for message file processing): Displays the number of messages that could not be 
delivered because the user was not found in that post office or because of other similar problems. 
Senders of undeliverable messages are notified. For assistance, see “Message Has Undeliverable 
Status” in “Strategies for Message Delivery Problems” in GroupWise 7 Troubleshooting 2: Solutions 
to Common Problems. 


Problem Messages (for message file processing): Displays the number of invalid message files 
that have problems not related to user error. It also displays requests the POA cannot process 
because of error conditions. For assistance, see “Message Is Dropped in the problem Directory” in 
“Strategies for Message Delivery Problems” in GroupWise 7 Troubleshooting 2: Solutions to 
Common Problems. 


Users Delivered: Displays the number of user messages delivered to recipients in the post office. A 
message with six recipients in the local post office is counted six times. 


Statuses: Displays the number of status messages delivered to recipients in the post office. 
Rules Executed: Displays the number of users’ rules executed by the POA. 


POA Web Console 
The Status page also displays this information. In addition, you can display detailed information 
about client/server connections and message file processing. 


POA Log Message Box 


The POA Log Message box displays the same information that is being written to the POA log file. 
The amount of information displayed in the POA Log Message box depends on the current log 
settings for the POA. See Section 37.3, “Using POA Log Files,” on page 538. The information 
scrolls up automatically. 


Windows Note: To stop the automatic scrolling, click Log, then deselect Auto Scroll. You can then 
use the scroll bar to browse through the contents of the log message box. 
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POA Web Console 
You can view and search POA log files on the Log Files page. 


Informational Messages 


When you first start the POA, you typically see informational messages that list current agent 
settings, current number of threads, TCP/IP options (client/server), and scheduled events. As the 
POA runs, it continues to provide status and delivery information in the POA Log Message box. 


Error Messages 


If the POA encounters a problem processing a message, it displays an error message in the POA Log 
Message box. See “Post Office Agent Error Messages” in GroupWise 7 Troubleshooting 1: Error 
Messages. 


POA Admin Thread Status Box 


The POA admin thread updates the post office database (wphost.db) when users and/or user 
information are added, modified, or removed, and repairs it when damage is detected. 


To display the POA Admin Thread Status box from the POA server console, click 
Configuration > Admin Status. 


NetWare Note: Use Options (F10) > Admin Status. 
Figure 37-2 Admin Status Dialog Box 
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The following tasks pertain specifically to the POA admin thread: 


+ “Suspending/Resuming the POA Admin Thread” on page 521 
+ “Displaying POA Admin Thread Status” on page 525 
+ “Recovering the Post Office Database Automatically or Immediately” on page 526 
POA Web Console 
You can display POA admin thread status on the Configuration page. Under the General Settings 


heading, click Admin Task Processing. You can also change the admin settings for the current POA 
session. 
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37.1.2 Controlling the POA from the POA Server Console 


You can perform the following tasks to monitor and control the POA from the POA server console at 
the server where the POA is running: 


+ 


+ 


“Stopping the POA” on page 520 

“Suspending/Resuming the POA Admin Thread” on page 521 
“Displaying the POA Software Date” on page 522 

“Displaying Current POA Settings” on page 522 

“Displaying Detailed Statistics about POA Functioning” on page 523 
“Displaying Client/Server Information” on page 523 

“Listing Message Queue Activity” on page 524 

“Displaying Message Transfer Status” on page 524 

“Restarting the MTP Thread” on page 525 

“Displaying POA Admin Thread Status” on page 525 

“Recovering the Post Office Database Automatically or Immediately” on page 526 
“Recovering User and Message Databases Automatically” on page 527 
“Updating QuickFinder Indexes” on page 527 

“Compressing QuickFinder Indexes” on page 528 

“Regenerating QuickFinder Indexes” on page 528 

“Browsing the Current POA Log File” on page 528 

“Viewing a Selected POA Log File” on page 529 

“Cycling the POA Log File” on page 529 

“Adjusting POA Log Settings” on page 530 

“Editing the POA Startup File” on page 530 

“Accessing Online Help for the POA” on page 530 


Stopping the POA 


You might need to stop and restart the POA for the following reasons: 


+ 


+ 


+ 


+ 


Updating the agent software 
Troubleshooting message flow problems 
Backing up Group Wise databases 
Rebuilding GroupWise databases 


To stop the POA from the POA server console: 


1 


Click File > Exit > Yes. 


NetWare: Use Exit (F7). If the POA does not respond to Exit, you can use the unload 
command to stop the POA. However, this stops all instances of the POA running on 
the server. 
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Linux: If the Linux POA does not respond to Exit, you can kill the POA process, as 
described below, but include the -9 option. 


Windows: If the Windows POA does not respond to Exit, you can close the POA server console 
to stop the POA or use the Task Manager to terminate the POA task. 


2 Restart the POA, as described in the following sections in the GroupWise 7 Installation Guide: 
+ “Starting the NetWare GroupWise Agents” 
+ “Starting the Linux GroupWise Agents as Daemons” 


+ “Starting the Windows GroupWise Agents” 


Stopping the Linux POA When It Is Running As a Daemon 


To stop the Linux POA when it is running in the background as a daemon and you started it using 
the grpwise script: 
1 Make sure you are logged in as root. 
2 Change to the /etc/init.d directory. 
3 Enter the following command: 
./grpwise stop 
4 Use the following command to verify that the POA has stopped. 


./grpwise status 


To stop the Linux POA when it is running in the background as a daemon and you started it 
manually (not using the grpwise script): 


1 Determine the process IDs (PIDs) of the POA: 
ps -eaf | grep gwpoa 
The PIDs for all gwpoa processes are listed. 


You can also obtain this information from the Environment page of the POA Web console. 
2 Kill the first POA process listed: 


Syntax: 
kill PID 





Example: 
kill 1483 


It might take a few seconds for all POA processes to terminate. 


3 Use the ps command to verify that the POA has stopped. 











ps -eaf | grep gwpoa 


Suspending/Resuming the POA Admin Thread 


You can cause the POA to stop accessing the post office database (wphost . db) without stopping 
the POA completely. For example, you could suspend the POA admin thread while backing up the 
post office database. 


To suspend the POA admin thread: 
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1 At the POA server console, click Configuration > Admin Status. 
2 Click Suspend. 
NetWare Note: Use Options (F10) > Admin Status > Suspend. 


The POA admin thread no longer accesses the post office database until you resume processing. 
To resume the POA admin thread: 


1 At the POA server console, click Configuration > Admin Status. 
2 Click Resume. 
NetWare Note: Use Options (F10) > Admin Status > Resume. 
POA Web Console 


You can suspend and resume the POA admin thread from the Configuration page. Under the General 
Settings heading, click Admin Task Processing > Suspend or Resume > Submit. 


Displaying the POA Software Date 


It is important to keep the POA software up-to-date. You can display the date of the POA software 
from the POA server console. 


1 At the server where the POA is running, display the POA server console. 
2 Click Help > About POA. 
NetWare Note: To check the date of the NetWare® POA, you must list the gwpoa .n 1m file in the 


agent installation directory (typically, in the sys: \system directory) or use the modules 
gwpoa.nlm command at the server console prompt. 


POA Web Console 
You can check the POA software date on the Environment page. 


Displaying Current POA Settings 


You can list the current configuration settings of the POA at the POA server console. 


1 At the server where the POA is running, display the POA server console. 

2 Click Configuration > Agent Settings. 
The configuration information displays in the log message box and is written to the log file. 
NetWare Note: Use Show Configuration (F4) > Show Configuration. 
If information you need scrolls out of the log message box, you can scroll back to it. See 


“Browsing the Current POA Log File” on page 528. 


For information about POA configuration settings, see Chapter 36, “Configuring the POA,” on 
page 475 and Chapter 39, “Using POA Startup Switches,” on page 565. 


POA Web Console 
You can check the current POA settings on the Configuration page. 
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Displaying Detailed Statistics about POA Functioning 


The POA server console displays essential information about the functioning of the POA. More 
detailed information is also available. 
1 At the server where the POA is running, display the POA server console. 
2 Click Statistics > Misc. Statistics. 
NetWare Note: This feature is not available in the NetWare POA. 


3 Review the Detailed Statistics dialog box. The following statistics are displayed and written to 
the log file for the current POA up time: 


+ Databases rebuilt 

+ Users deleted 

+ Users moved 

+ Moved messages processed 
+ Statuses processed 


POA Web Console 
You can display statistics on the Status page. 


Displaying Client/Server Information 


When the POA and the GroupWise clients communicate in client/server mode, you can display 
statistics to indicate the performance level of the TCP/IP communication. 
1 At the server where the POA is running, display the POA server console. 
2 Click Statistics > Client/Server. 
NetWare Note: Use Configuration (F4) > Display Client/Server Information. 
3 Inthe menu, click the type of statistics to display. 


The selected type of statistics for the current POA up time are listed in the message log box and 
are written to the POA log file. 


If information you need scrolls out of the log message box, you can scroll back to it. See 
“Browsing the Current POA Log File” on page 528. 


All Statistics: Lists the information for General Statistics, Throughput, Physical Connections, 
and Application Connections, as described below. 


General Statistics: Lists the DNS address and IP address of the server, along with the TCP 
port for the POA, the number of messages received, sent, and aborted, and the number of 
physical and application connections active and allowed. 


Show Throughput: Lists the total number of messages processed by the POA for all users. 
Statistics are provided for the current elapsed time and as a per second average. 


Clear Throughput: Resets the current elapsed time to zero. 


Physical Connections: Lists the currently active physical connections. Physical connections 
are active TCP connections created whenever GroupWise users do something that requires 
communication and closed when the specific activities have been completed. By listing the 
physical connections, you can see what users are actively using GroupWise and how much 
throughput each user is generating. Users’ IP addresses are also listed. 
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Application Connections: Lists the currently active application connections. Every user that 
starts Group Wise has an application connection for as long as GroupWise is running, even if 
Group Wise is not actively in use at the moment. By listing the application connections, you can 
see what users have started GroupWise and how much throughput each user is generating. 
Users’ IP addresses are also listed. 


Show Redirection List: Lists all POAs in your GroupWise system and indicates whether each 
is configured for TCP/IP. The list includes the IP address of each POA and the IP address of its 
proxy server outside the firewall, if applicable. This redirection information is obtained from 
the post office database (wphost. db). 


Check Redirection List: Attempts to contact each POA in your GroupWise system and 
reports the results. Ifa POA is listed as “Connection Failed,” see “Post Office Agent Problems” 
in GroupWise 7 Troubleshooting 2: Solutions to Common Problems. 


POA Web Console 
You can display client/server information on the Configuration page. You can list client/server users 
from the Status page using the C/S Users and Remote/Caching Users links. 


Listing Message Queue Activity 


The POA uses eight queues to process message files. You can view the activity in each of these 
queues. For more information about message queues, see “Post Office Directory” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. 
1 At the server where the POA is running, display the POA server console. 
2 Click Actions > View MF Queues. 
NetWare Note: Use Options (F10) > Actions > View MF Queues. 


3 View the queue activity in the message log box. Use the scroll bar if necessary to scroll through 
the information. 


If information you need scrolls out of the log message box, you can scroll back to it. See 
“Browsing the Current POA Log File” on page 528. 


The information is also written to the POA log file. 


You can check queue activity on the Status page. Under the Thread Status heading, click the type of 
thread to view queue activity for. 


Displaying Message Transfer Status 


When the POA links to the MTA by way of TCP/IP, you can view the status of the TCP/IP link from 
the POA server console. 
1 At the server where the POA is running, display the POA server console. 
2 Click Configuration > Message Transfer Status. 
NetWare Note: Use Options (F10) > Message Transfer Status. 
3 View the following information about the TCP/IP link: 


Outbound TCP/IP Address: Displays the TCP/IP address and port where the MTA listens for 
messages from the POA. 


Inbound TCP/IP Address: Displays the TCP/IP address and port where the POA listens for 
messages from the MTA. 
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Hold Directory: Displays the path to the directory where the POA stores messages if the TCP/ 
IP link to the MTA is closed. 


Current Status: Lists the current status of the TCP/IP link. 
+ Open: The POA and the MTA are successfully communicating by way of TCP/IP. 
+ Closed: The POA is unable to contact the MTA by way of TCP/IP 
+ Unavailable: The POA is not yet configured for TCP/IP communication with the MTA. 
+ Unknown: The POA is unable to contact the MTA in any way. 
Messages Written: Displays the number of messages the POA has sent. 
Message Read: Displays the number of messages the POA has received. 


Last Closure Reason: Provides an explanation for why the post office was last closed. For 
assistance resolving closure reasons, see “Post Office Agent Error Messages” in GroupWise 7 
Troubleshooting 1: Error Messages. 


POA Web Console 
You can display message transfer status on the MTP Status page. 


Restarting the MTP Thread 


When the POA links to the MTA by way of TCP/IP, you can restart the Message Transfer Protocol 
(MTP) thread that provides the link between the POA and the MTA. 

1 At the server where the POA is running, display the POA server console. 

2 Click Actions > Restart MTP. 

NetWare Note: Use Options (F10) > Actions > Restart MTP. 

POA Web Console 
You can restart the MTA thread from the Configuration page. Click Message Transfer Protocol > 
Restart MTP > Submit. In addition, you can control the send and receive threads separately on the 


MTP Status page. In the Send or Receive column, click the current status > Stop/Start MTP Send/ 
Receive > Submit. 


Displaying POA Admin Thread Status 


Status information for the POA admin thread is displayed in a separate dialog box, rather than on the 
main POA server console. 
1 At the server where the POA is running, display the POA server console. 
2 Click Configuration > Admin Status. 
NetWare Note: Use Options (F10) > Admin Status. 
The following admin status information is displayed: 


Admin Message Box 
The Admin Message box provides the following information about the workload of the POA 
admin thread: 


Completed: Number of administrative message successfully processed. 
Errors: Number of administrative messages not processed because of errors. 


In Queue: Number of administrative messages waiting in the queue to be processed. 
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Send Admin Mail: Select this options to send a message to the administrator whenever a 
critical error occurs. See Section 37.7, “Notifying the Group Wise Administrator,” on page 544. 


Admin Database Box 
The Admin Database box provides the following information about the post office database 
(wphost.db): 


Status: Displays one of'the following statuses: 
+ Normal: The POA admin thread is able to access the post office database normally. 
+ Recovering: The POA admin thread is recovering the post office database. 


+ DB Error: The POA admin thread has detected a critical database error. The post office 
database cannot be recovered. Rebuild the post office database in ConsoleOne®. See 
Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 381. 


The POA admin thread does not process any more administrative messages until the 
database status has returned to Normal. 


+ Unknown: The POA admin thread cannot determine the status of the post office database. 
Exit the POA, then restart it, checking for errors on startup. 


DB Sort Language: Displays the language code for the language that determines the sort 
order of lists displayed in ConsoleOne and the GroupWise system Address Book. 


Recovery Count: Displays the number of recoveries performed on the post office database by 
this POA for the current POA session. 


Admin Thread Box 
The Admin Thread box displays the following information: 


Status: Displays one of the following statuses: 
+ Running: The POA admin thread is active. 
+ Suspended: The POA admin thread is not processing administrative messages. 
¢ Starting: The POA admin thread is initializing. 
¢ Terminated: The POA admin thread is not running. 
POA Web Console 


You can display POA admin thread status from the Configuration page. Under the General Settings 
heading, click Admin Task Processing. 


Recovering the Post Office Database Automatically or Immediately 


The POA admin thread can recover the post office database (wphost . db) when it detects a 
problem. 


To enable/disable automatic post office database recovery: 


1 At the server where the POA is running, display the POA server console. 


2 Click Configuration > Admin Status > Automatic Recovery to toggle this feature on or off for 
the current POA session. 


NetWare Note: Use Options (F10) > Admin Status > Automatic Recovery. 


To change the setting permanently, see Section 36.1.2, “Configuring the POA in ConsoleOne,” on 
page 477. 


To recover the post office database immediately: 
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1 At the server where the POA is running, display the POA server console. 
2 Click Configuration > Admin Status > Perform DB Recovery. 
NetWare Note: Use Options (F10) > Admin Status > Perform DB Recovery. 


For additional database repair procedures, see Chapter 26, “Maintaining Domain and Post Office 
Databases,” on page 377. 


POA Web Console 

You can recover the post office database from the Configuration page. Under the General Settings 
heading, click Admin Task Processing. Select Automatic Recovery or Perform DB Recovery as 
needed. 


Recovering User and Message Databases Automatically 


The POA can recover user databases (userxxx. db) and message databases (msgnnn. db) 
automatically when it detects a problem because databases can be open during the recover process. 
This procedure is a “recover” rather than a “rebuild,” because a “rebuild” requires that all users and 
agents are out of the database being rebuilt. See Chapter 27, “Maintaining User/Resource and 
Message Databases,” on page 385. 


To enable/disable automatic message and user database recovery: 


1 At the server where the POA is running, display the POA server console. 
2 Click Actions > Auto Rebuild to toggle this feature on or off for the current POA session. 
NetWare Note: Use Options (F4) > Actions > Enable Auto Rebuild. 


To change the setting permanently, see Section 36.1.2, “Configuring the POA in ConsoleOne,” on 
page 477. 


POA Web Console 
You can see whether automatic message and user database recovery is enabled on the Configuration 
page under the Performance Settings heading. 


Updating QuickFinder Indexes 


Group Wise uses QuickFinder™ technology to index messages and documents stored in post offices. 
You can start indexing from the POA server console. For example, if you just imported a large 
number of documents, you could start indexing immediately, rather than waiting for the next 
scheduled indexing cycle. 


To update QuickFinder indexes for the post office: 


1 At the server where the POA is running, display the POA server console. 
2 Click Actions > QuickFinder > Update Indexes. 
NetWare Note: Use Options (F10) > Actions > Update QuickFinder Indexes. 


To avoid overloading the POA with indexing processing, a maximum of 1000 items are indexed per 
database. If a very large number of messages are received regularly, or if a user with a very large 
mailbox is moved to a different post office (requiring the user’s messages to be added into the new 
post office indexes), you might need to repeat this action multiple times in order to get all messages 
indexed. If too many repetitions are required to complete the indexing task, see Section 38.3.3, 
“Customizing Indexing,” on page 557 for assistance. 
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You can set up indexing to occur at regular intervals. See Section 38.3.1, “Regulating Indexing,” on 
page 555. 


If the indexing load on the POA is heavy, you can set up a separate POA just for indexing. See 
Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556. 


POA Web Console 

You can update QuickFinder indexes from the Configuration page. Under the General Settings 
heading, click QuickFinder Indexing. 

Compressing QuickFinder Indexes 


QuickFinder indexes are automatically compressed at midnight each night to conserve disk space. 
You can start compression at any other time from the POA server console. For example, if you just 
imported and indexed a large number of documents and are running low on disk space, you could 
compress the indexes immediately, rather than waiting for it to happen at midnight. 


To compress QuickFinder indexes for the post office: 


1 At the server where the POA is running, display the POA server console. 
2 Click Actions > QuickFinder > Compress Indexes. 
NetWare Note: Use Options (F10) > Actions > Compress QuickFinder Indexes. 


POA Web Console 
You can compress QuickFinder indexes from the Configuration page. Under the General Settings 
heading, click QuickFinder Indexing. 


Regenerating QuickFinder Indexes 
If QuickFinder indexes become damaged, you can easily delete and re-create them. 
To recreate QuickFinder indexes for the post office: 


1 At the server where the POA is running, display the POA server console. 
2 Click Actions > QuickFinder > Delete and Regenerate Indexes. 
NetWare Note: Use Options (F10) > Actions > Delete and QuickFinder Indexes. 


You can also press Ctrl+Q. 


POA Web Console 
You can recreate QuickFinder indexes from the Configuration page. Under the General Settings 
heading, click QuickFinder Indexing. 


Browsing the Current POA Log File 


In the log message box, the POA displays the same information being written to the POA log file. 
The amount of information depends on the current log settings for the POA. 


The information automatically scrolls up the screen as additional information is written. You can 
stop the automatic scrolling so you can manually scroll back through earlier information. 


To browse the current POA log file and control scrolling: 


1 At the server where the POA is running, display the POA server console. 
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2 Click Log > Auto Scroll to toggle automatic scrolling on or off. 
NetWare Note: Use View Log File (F9). 


For explanations of messages in the POA log file, see “Post Office Agent Error Messages” in 
Group Wise 7 Troubleshooting 1: Error Messages. 


See also Section 37.3, “Using POA Log Files,” on page 538. 


POA Web Console 
You can browse and search POA log files on the Log Files page. 


Viewing a Selected POA Log File 
Reviewing log files is an important way to monitor the functioning of the POA. 


1 At the server where the POA is running, display the POA server console. 
2 Click Log > View Log. 

NetWare Note: Use Options (F10) > View Log Files. 

The following information is provided: 


Log Files: Lists the current POA log files, ordered from the oldest log file at the top to the 
newest log file at the bottom. The current log file is marked with an asterisk (*). 


Date/Time: Displays the date and time of each POA log file. 


Space Used: Displays the amount of disk space currently occupied by that POA’s log files. You 
can control the amount of space consumed by POA log files during the current POA session. 
You can also control the default amount of disk space for POA log files in the POA Log 
Settings page in ConsoleOne or in the POA startup file. See Section 37.3.1, “Configuring POA 
Log Settings and Switches,” on page 538. 


Log File Directory: Displays the full path of the directory where the POA writes its log files. 
See Section 37.3.1, “Configuring POA Log Settings and Switches,” on page 538. 


3 In the log file list, select the POA log file you want to view. 


Windows Note: For the Windows POA, you can select the viewer to use by providing the full 
path to the viewer program. The default viewer is Notepad. 


4 Click View. 


For explanations of messages in the POA log file, see “Post Office Agent Error Messages” in 
Group Wise 7 Troubleshooting 1: Error Messages. 


See also Section 37.3, “Using POA Log Files,” on page 538. 


POA Web Console 
You can view and search POA log files on the Log Files page. 


Cycling the POA Log File 
You can have the POA start a new log file as needed. 


1 At the server where the POA is running, display the POA server console. 
2 Click Log > Cycle Log. 
NetWare Note: Use Options (F10) > Cycle Log. 
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Adjusting POA Log Settings 


Default log settings are established when you start the POA. However, you can adjust the POA log 
settings for the current session from the POA server console. This overrides any settings provided in 
ConsoleOne or in the POA startup file. The modified settings remain in effect until you restart the 
POA, at which time the log settings specified in ConsoleOne or the startup file take effect again. 
1 At the server where the POA is running, display the POA server console. 
2 Click Log > Log Settings. 
NetWare Note: Use Options (F10) > Logging Options. 
3 Adjust the values as needed for the current POA session. 
See Section 37.3, “Using POA Log Files,” on page 538. 


POA Web Console 
You can adjust POA log settings from the Configuration page. Click the Log Settings heading. 


Editing the POA Startup File 


You can change the configuration of the POA by editing the POA startup file from the POA server 
console. 


1 At the server where the POA is running, display the POA server console. 
2 Click Configuration > Edit Startup File. 
NetWare Note: Use Options (F10) > Actions > Edit Startup File. 
3 Make the necessary changes, then save and exit the startup file. 
4 Stop and restart the POA. 


Accessing Online Help for the POA 


Click Help on the menu bar for information about the POA server console. Click the Help button in 
any dialog box for additional information. 


NetWare Note: Press F1 for information in any dialog box or menu. 


37.2 Using the POA Web Console 


The POA Web console enables you to monitor and control the POA from any location where you 
have access to a Web browser and the Internet. This provides substantially more flexible access than 
the POA server console, which can only be accessed from the server where the POA is running. 

+ Section 37.2.1, “Setting Up the POA Web Console,” on page 531 

+ Section 37.2.2, “Accessing the POA Web Console,” on page 532 

¢ Section 37.2.3, “Monitoring the POA from the POA Web Console,” on page 533 

¢ Section 37.2.4, “Controlling the POA from the POA Web Console,” on page 536 
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37.2.1 Setting Up the POA Web Console 


The default HTTP port for the POA Web console is established during POA installation. You can 
change the port number and increase security after installation in ConsoleOne. 

1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 

2 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders 
Network Address 





TCPAP Address: ibd-nw provo novell.com 





Proxy Server Address: 





IPX/SPX Address: 
I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
Message Transfer: 7101 4 Disabled y | 








HTTP: 7181 $| [Disabled =] 





Local Intranet Client/Server: 1677 + Disabled 7 | 





Internet Proxy Client/Server: 0 + Disabled | 





IMAP: 143 $| fpisaviea | [ 993 <] 

















SOAP: $| (Disabled > | 


Page Options... OK | Cancel | Apply | Help | 








If you configured the POA for TCP/IP links during installation, the TCP/IP Address field 
should display the POA server’s network address. If it does not, follow the instructions in 
Section , “Using TCP/IP Links between the Post Office and the Domain,” on page 481. The 
POA must be configured for TCP/IP in order to provide the POA Web console. 


3 Make a note of the IP address or DNS hostname in the TCP/IP Address field. You need this 
information to access the POA Web console. 


The HTTP Port field displays the default port number of 7181. 


4 Ifthe default HTTP port number is already in use on the POA server, specify a unique port 
number. 


5 Make a note of the HTTP port number. You need this information to access the POA Web 
console. 


6 Ifyou want to use an SSL connection for the POA Web console, which provides optimum 
security, select Enabled in the HTTP SSL drop-down list. 


For additional instructions about using SSL connections, see Chapter 71, “Encryption and 
Certificates,” on page 1121. 


7 Click Apply to save your changes on the Network Address page. 
If you want to limit access to the POA Web console, you can provide a username and password. 


8 Click GroupWise > Agent Settings, then scroll down to HTTP Settings. 
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Properties of POA 
NDS Rights v | Other | Rights to Files and Folders | 


D 
Max App Connections: 2048 4 


[V Enable Caching 
CPU Utilization (NetVVare): [85 4 percent 
Delay Time (NetWare): [ 100 4 milliseconds: 
Max Thread Usage for Priming and Moves: [20 4 percent 





[V Enable IMAP 
Max IMAP Threads: [ 50€ 
IV Enable SOAP 
Max SOAP Threads: [20 4 


[ Disable Administration Task Processing 





[V Enable SNMP 








SNMP Community "Get" String: 


HTTP Settings: 





HTTP User Name: | 


HTTP Password: Set Password 








Page Options... Cancel 





9 Inthe HTTP Settings box: 
Ga In the HTTP User Name field, specify a unique username. 
9b Click Set Password. 
9c Type the password twice for verification. 
9d Click Set Password. 


Unless you are using an SSL connection, do not use a Novell® eDirectory™ username and 
password because the information passes over the insecure connection between your Web 
browser and the POA. 


For convenience, use the same username and password for all agents that you plan to 
monitor from GroupWise Monitor. This saves you from having to provide the username 
and password information as Monitor accesses each agent. 


10 Click OK to save the POA Web console settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


Corresponding Startup Switches 

You can also use the /httpport, /httpuser, /httppassword, and /httpssl startup switches in the POA 
startup file to enable and secure the POA Web console. In addition, you can use the /httprefresh 
switch to control how often the POA refreshes the information provided to your Web browser. 


37.2.2 Accessing the POA Web Console 


To monitor the POA from your Web browser, view the URL where the POA is located by supplying 
the network address and port number as displayed on the Network Address page in ConsoleOne. For 
example: 

http://172.16.5.18:1677 

http://172.16.5.18:7181 

http://server1:7181 

https://server2:1677 


When viewing the POA Web console, you can specify either the client/server port or the HTTP port. 
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Figure 37-3 POA Web Console 





Up Time: 0 Days 5 Hours 10 Minutes 





C/S Users 0 
Application Connections 0 
Physical Connections 0 
Priority Queues 0 
Normal Queues 0 
GWCheck Auto Queues 0 
GWCheck Scheduled Queues 0 


hread Status 





C/S Handler Threads 6 0 
Message Worker Threads 6 0 
GWCheck Worker Threads 4 0 
Message Transfer Status Open 





C/S Requests 2 
C/S Requests Pending 0 
Users Timed Out 0 
Rules Executed 0 
Users Delivered 0 
Message Files Processed 0 


37.2.3 Monitoring the POA from the POA Web Console 


The POA Web console provides several pages of information to help you monitor the performance 
of the POA. The bar at the top of the POA Web console displays the name of the POA and its post 
office. Below this bar appears the POA Web console menu that lists the pages of information 
available in the POA Web console. Online help throughout the POA Web console helps you 
interpret the information being displayed and use the links provided. 

+ “Monitoring POA Status” on page 533 

+ “Checking the POA Operating System Environment” on page 534 

+ “Viewing and Searching POA Log Files” on page 535 

+ “Listing POA Scheduled Events” on page 535 

+ “Checking Link Status to the MTA” on page 536 


Monitoring POA Status 


When you first access the POA Web console, the Status page is displayed. Online help on the Status 
page helps you interpret the status information being displayed. 
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Figure 37-4 POA Web Console with the Status Page Displayed 








C/S Users (nl 
Application Connections 
Physical Connections 

Priority Queues 

Normal Queues 

GWCheck Auto Queues 
GWCheck Scheduled Queues 





hread Status 
C/S Handler Threads 6 0 
Message Worker Threads 6 0 
GWCheck Worker Threads 4 0 
Message Transfer Status Open 


Statistics 





C/S Requests 2 


C/S Requests Pending 0 
Users Timed Out 0 
Rules Executed 0 
Users Delivered 0 
Message Files Processed 0 


Click any hyperlinked status items for additional details. The status information is much the same as 
that provided at the POA server console, as described in Section 37.1.1, “Monitoring the POA from 
the POA Server Console,” on page 515. 

Checking the POA Operating System Environment 


On the POA Web console menu, click Environment to display information about the operating 
system where the POA is running. On a NetWare server, the following information is displayed: 


Figure 37-5 POA Web Console Environment Page for a NetWare Server 







Log Files | Scheduled Events | MTP Status | Hel 











PRV-GW 
Company ovell 
OS Revision etWare 5.70.03 
OS Date January 20, 2005 
Supported Connections 47 
Connections in Use 3 
Receive Buffer Max 0000 (Recommended 2500) 
Module Information 
GroupWise Engine (release version) 
GWENNS5.NLM 
Version 7.00 
Memory Allocated 2428 
Build Date 7-12-2005 


On a Linux server, the following information is displayed: 


Figure 37-6 POA Web Console Environment Page for a Linux Server 








Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Configuration 








r jbd-Inx 
OS Revision Linux Release 2.6.5-7.147-default 
Main Thread Process ID 13046 
Build Dates 
GroupWise Agent Build Date 07-14-05 
GroupWise Resource Build Date 07-11-05 
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On a Windows server, the following information is displayed: 


Figure 37-7 POA Web Console Environment Page for a Windows Server 








OS Data 

Windows 2000 Version 5.0 (Build 2195 )Service Pack 4 

Build Dates 

GroupWise Agent Build Date 07-12-05 
GroupWise Engine Build Date 07-12-05 
GroupWise Resource Build Date 07-12-05 


Viewing and Searching POA Log Files 


On the POA Web console menu, click Log Files to display and search POA log files. 


Figure 37-8 POA Web Console with the Log Files Page Displayed 


Gr 0 POA - pment.Provo1 
Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 








View Event Log Settings 


Event Log Filter 





Events containing 





Event logs: I Select all 


0708poa.001 07-06-07 20:00:12 6790 
0709poa.001 07-09-07 20:00:12 6709 
0?10poa.001 07-10-07 20:00:12 6709 
0711poa.001 07-11-07 20:00:14 6790 
0712poa.001 07-12-07 20:00:10 6709 
0?13poa.001 07-13-07 12:26:34 9811 
0713poa.002 07-13-07 13:55:14 10952 
0713p0a.003 07-13-07 14:04:28 6582 
0713poa.004 07-13-07 14:07:22 7814 
0713p0a.005 07-13-07 20:00:14 18144 
0714poa.001 07-14-07 20:00:12 31712 
* 0715poa.001 07-15-07 20:00:12 26982 


View Events Cycle Log 





To view a particular log file, select the log file, then click View Events. 


To search all log files for a particular string, type the string in the Events Containing field, select 
Select All, then click View Events. You can also manually select multiple log files to search. 


The results of the search are displayed on a separate page that can be printed. 


Listing POA Scheduled Events 


On the POA Web console menu, click Scheduled Events to view currently scheduled events and 


their status information. 
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Figure 37-9 POA Web Console with the Scheduled Events Page Displayed 





DiskCheck 

Event Current Status Idle 

Event Next Start Time 07/15/2007 21:04:13 
Event Schedule Interval 5 mins 


# of Concurrent Events Allowed 1 


Remote Downloadable Address Book Generation 


Event Current Status dle 

Event Last Started Time 07/15/2007 00:00:31 
Event Last Completed Time 07/15/2007 00:00:31 
Event Next Start Time 07/16/2007 00:00:31 
Event Schedule Interval 1 day(s) 


# of Concurrent Events Allowed 


Nightly User DB Upkeep (Phase 1) 


Event Current Status dle 

Event Last Started Time 07/15/2007 01:00:01 
Event Last Completed Time 07/15/2007 01:00:01 
Event Next Start Time 07/16/2007 01:00:01 
Event Schedule Interval 1 day(s) 





# of Concurrent Events Allowed 


QuickFinder indexing and remote downloadable Address Book generation can be controlled using 
links from the Configuration page. The Configuration page also displays information about disk 
check events and database maintenance events. However, scheduled events must be created and 
modified using ConsoleOne. 


Checking Link Status to the MTA 


On the POA Web console menu, click MTP Status to view status information about the link between 
the POA for the post office and MTA for the domain. 


Figure 37-10 POA Web Console with the MTP Status Page Displayed 





Send Receive 
Current Status Open Open 
Last Closed 
Last Opened 07-13-07 14:08:16 07-13-07 14:08:16 


Last Closure Reason 





ectory P and TCP/IP addr 
Outbound TCP/IP 173.15.4.13:7100 
Inbound TCP/IP 173.15.4.13:7101 
Hold PRV-GWisys:\gwsystem\deviwpcsin 
Message Transfer Statistics 
Written 1 
Read 3 


The Outbound TCP/IP link displays the MTA Web console where you can get status information 
about the MTA. The Hold link displays the contents of the MTA input queue, so you can find out if 
messages are waiting for processing by the MTA. 


37.2.4 Controlling the POA from the POA Web Console 


At the POA Web console, you can change some POA configuration settings for the current POA 
session. You can also stop and start some specific POA threads. 


+ “Changing POA Configuration Settings” on page 537 
+ “Controlling the POA Admin Thread” on page 537 
+ “Controlling the POA MTP Threads” on page 538 
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Changing POA Configuration Settings 


On the POA Web console menu, click Configuration. Online help on the Configuration page helps 


you interpret the configuration information being displayed. 


Figure 37-11 POA Web Console with the Configuration Page Displayed 

















Post Office Directory: PRY-GWW/sys:\gwsystem\dev 
Post Office Access Mode: Client/Server Only 

Post Office Configuration Instance: POA 

Read Configuration from Database: Yes 

Error Mail to Administrator: Yes 

IP Address Redirection Table: Show 

IPV6 Protocol: Disabled 

QuickFinder Indexing: Enabled 

QuickFinder Indexing Base Offset (hours from Midnight): 20 Hours 0 Mins (Default) 
QuickFinder Indexing Interval: 24 Hours 0 Mins (Default) 
Simple Network Management Protocol (SNMP): Enabled (index 1) 

Admin Task Processing: Yes 

intruder Detection: Enabled 

incorrect Login Attempts before Lockout: d 

Login Attempt Reset Interval: 15 mins 

intruder Lockout Reset Interval: 15 mins 

GWCheck Processing: Enabled 

Netware Clustering Enabled: No 

Running in Protected Address Space: No 

Post Office Security Requires Password: Yes 

LDAP Authentication: Enabled 

Move User (live) via TCPIP: Enabled 

internet Protocol Agent Settings: 

MAP Agent: Enabled 

MAP Port for Incoming IMAP requests: 143 (Default) 

IMAP over SSL: Disabled 

CAP Agent: Enabled 

CAP Port for Incoming CAP requests: 1026 (Default) 


Click any hyperlinked configuration items to change settings for the current agent session. The 
settings that can be modified are much the same as those that can be changed at the POA server 
console, as described in Section 37.1.2, “Controlling the POA from the POA Server Console,” on 


page 520. 


Controlling the POA Admin Thread 
On the Configuration page, click Admin Task Processing. 


Figure 37-12 POA Web Console with the Admin Task Status Page Displayed 





7.0 POA - De pment.Provo1 
uration | Environment | Log Files | Scheduled Events | MTP Status | Help 





Admin Messages 


Completed 2 
Errors 0 

In Queue 0 
Send Admin Mail M 
Admin Database 

Status Normal 
DB Sort Language US 
Recovery Count 0 
Automatic Recovery V 
Perform DB Recovery (m 
Admin Thread 

Status Running 
Suspend O 
Resume C 


Submit | Reset 
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Modify the functioning of the POA admin thread as needed, then click Submit. The changes remain 
in effect for the current POA session. 


Controlling the POA MTP Threads 
On the Configuration page, click Message Transfer Protocol. 


Figure 37-13 POA Web Console with the Message Transfer Protocol Settings Page Displayed 





7.0 POA - Development.Provo1 
onfiguration | Environment | Log Files | Scheduled Events | MTP Status | Help 











Message Transfer Protocol Settings 


Outbound TCP/IP 


Address 173.15.4.13 
Port: 7100 
Inbound TCP/IP 
Address 173.15.4.13 
Port 7101 
Maximum File Transfer Send Size |0 MB 
Restart MTP c 

Submit | Reset 


On this page, you can restart MTA processing between the POA and the MTA. On the MTP status 
page, you can restart the send and receive threads separately. 


37.3 Using POA Log Files 


Error messages and other information about POA functioning are written to log files as well as 
displaying on the POA server console. Log files can provide a wealth of information for resolving 
problems with POA functioning or message flow. This section covers the following subjects to help 
you get the most from POA log files: 


¢ Section 37.3.1, “Configuring POA Log Settings and Switches,” on page 538 
+ Section 37.3.2, “Viewing POA Log Files,” on page 539 
¢ Section 37.3.3, “Interpreting POA Log File Information,” on page 539 


37.3.1 Configuring POA Log Settings and Switches 


The following aspects of logging are configurable: 
+ Log File Path (/log) 
+ Disk Logging (/logdiskoff) 
+ Logging Level (/loglevel) 
+ Maximum Log File Age (/logdays) 
+ Maximum Log File Size (/logmax) 


You can configure the log settings in the following ways: 


+ Using ConsoleOne to establish defaults (see Section 36.1.7, “Adjusting the POA Logging 
Level and Other Log Settings,” on page 485) 
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+ Using startup switches to override ConsoleOne settings (see Section 39, “Using POA Startup 
Switches,” on page 565) 


+ Using the POA server console to override log settings for the current POA session (see 
Section , “Adjusting POA Log Settings,” on page 530) 


+ Using the POA Web console to override other settings for the current POA session (see 
Section 37.2.4, “Controlling the POA from the POA Web Console,” on page 536) 


37.3.2 Viewing POA Log Files 


You can view the contents of the POA log file from the POA server console and Web console. See 
the following tasks presented in Section 37.1.1, “Monitoring the POA from the POA Server 
Console,” on page 515: 


+ “Browsing the Current POA Log File” on page 528 

+ “Viewing a Selected POA Log File” on page 529 

+ “Cycling the POA Log File” on page 529 

+ “Viewing and Searching POA Log Files” on page 535 


37.3.3 Interpreting POA Log File Information 


On startup, the POA records the POA settings currently in effect. Thereafter, it logs events that take 
place, including errors. To look up error messages that appear in POA log files, see “Post Office 
Agent Error Messages” in GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 


Because the POA consists of multiple threads, you might find it useful to retrieve the log file into an 
editor and sort it on the thread ID that follows the date and time information. Sorting groups all 
messages together for the same POA thread. You can also use the search capability of the POA Web 
console to gather information about a specific POA thread. See “Viewing and Searching POA Log 
Files” on page 535. 


37.4 Using GroupWise Monitor 


Group Wise Monitor is a monitoring and management tool that allows you to monitor Group Wise 
agents and gateways from any location where you are connected to the Internet and have access to a 
Web browser. The POA Web console can be accessed from GroupWise Monitor, enabling you to 
monitor all POAs in your GroupWise system from one convenient location. In addition, Group Wise 
Monitor can notify you when agent problems arise. 
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Figure 37-14 GroupWise Monitor Web Console 


GroupWise.» Monitor 

























































































Olla A Novell 
~ 95 Corporate Mail Monitored agents for "Corporate Mail" group 
% Gateways Total: 12 Displayed: 1 -12 
® Windows Agents B Name Status Status Duration Up Time Type 
C © Provoz Normal 3d21h2m 3d20h59mMTA 7.0 
Sri T @ Provo2.GWIA Normal 3d21h2m 3d20h59m GWA 7.0 
— C @ Sales.Provo2 Normal 3d21h2m 3d 20h 59m POA 7.0 
Delete C (@) WEBAC7OA.Provo2 Normal 3d21h2m 3d 20h 59m WEBACC 7.0 
Hetiesh F © Provot Normal OdOh53m  OdOh54m MTA 7.0 
a M (@) Development.Provo1 Normal 0d0h53m Odoh53m POA 7.0 











For installation and setup instructions, see “Installing GroupWise Monitor” in the GroupWise 7 
Installation Guide. For usage instructions, see Part XIII, “Monitor,” on page 963. 


37.5 Using Novell Remote Manager 


If the POA is running on NetWare 6.5 or on Novell Open Enterprise Server (OES), you can use the 
IP Address Management feature in Novell Remote Manager (Manage Server > IP Address 
Management) to view the IP address and port configuration for the POA. This is also true for other 
GroupWise agents (MTA, Internet Agent, and WebAccess Agent) running on NetWare 6.5/OES 
servers. 





IMPORTANT: If the POA is running in protected mode on NetWare, it does not display in Novell 
Remote Manager. 


You access Novell Remote Manager by entering the following URL in a Web browser: 
http://server address: 8008 


For example: 
http://172.16.5.18:8008 


For more information about using Novell Remote Manager, see the NetWare 6.5 Documentation 
Web site (http://www.novell.com/documentation/nw65) and the Novell Open Enterprise Server 
Documentation Web site (http://www.novell.com/documentation/oes). 


37.6 Using an SNMP Management Console 


You can monitor the POA from the Management and Monitoring component of Novell ZENworks® 
for Servers or any other SNMP management and monitoring program. When properly configured, 
the POA sends SNMP traps to network management consoles for display along with other SNMP 
monitored programs. 


Although the POA is SNMP-enabled by default, the server where the POA is installed must be 
properly configured to support SNMP, and the POA object in eDirectory must be properly 
configured as well. To set up SNMP services for your server, complete the following tasks: 


+ Section 37.6.1, “Setting Up SNMP Services for the POA,” on page 541 
+ Section 37.6.2, “Copying and Compiling the POA MIB File,” on page 543 
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¢ Section 37.6.3, “Configuring the POA for SNMP Monitoring,” on page 544 


37.6.1 Setting Up SNMP Services for the POA 


Select the instructions for the platform where the POA runs: 


+ “Setting Up SNMP Services for the NetWare POA” on page 541 
+ “Setting Up SNMP Services for the Linux POA” on page 541 
+ “Setting Up SNMP Services for the Windows POA” on page 542 


Setting Up SNMP Services for the NetWare POA 


The NetWare POA supports SNMP through the SNMP services loaded on the NetWare server. 
SNMP services are provided through the SNMP NLM™. The SNMP NLM initiates and responds to 
requests for monitoring information and generates trap messages. 


If the SNMP NLM is not loaded before the NetWare POA, the POA still loads and functions 
normally, but SNMP support is disabled. The POA does not attempt to auto-load snmp.nlm. 


To load the SNMP NLM manually: 
1 Go to the console of each NetWare server where you want to implement SNMP services. 


These servers should already have the Group Wise agents installed. 
2 Type the command to load the SNMP NLM: 
Syntax: 


load snmp v control=x monitor=y trap=z 


where v represents Verbose, meaning to display informational messages, and x, y and z are 
replaced with your system SNMP community strings for SNMP SETs, GETs and TRAPs). 


Example: 
load snmp v control=private monitor=public trap=all 


The configuration for the SNMP NLM is found in snmp.cfg and traptarg.cfg in the sys:\etc 
directory. View the contents of these files for more information. 


The TCP/IP NLM automatically loads snmp.nlm, using default values for the community 
strings. If your system uses different community string values, load snmp.nlm before tcpip.nlm. 


3 Ifthe SNMP NLM is already loaded, you can add the control and trap parameters by typing the 
following at the console prompt: 


snmp control= trap= 

To automatically load these commands, include them in the autoexec.ncf file. 

For more information about implementing SNMP services, see your NetWare documentation. 
4 Skip to Section 37.6.2, “Copying and Compiling the POA MIB File,” on page 543. 


Setting Up SNMP Services for the Linux POA 


The Linux POA is compatible with NET-SNMP. An older version of SNMP called UCD-SNMP 
cannot be used with the Linux POA. NET-SNMP comes with OES Linux, but it does not come with 


Monitoring the POA 


541 


SLES. If you are using SLES, you must update to NET-SNMP in order to use SNMP to monitor the 
Linux POA. 
1 Make sure you are logged in as root. 


2 If NET-SNMP is not already set up on your Linux server, use the following command to 
configure SNMP: 


snmpconf -g basic setup 


The snmpconf command creates the snmpd.conf file in one of the following directories, 
depending on your version of Linux: 


/usr/share/snmp 
/usr/local/share/snmp 
~/. snmp 


3 Locate the snmpd. conf file on your Linux server. 


In a text editor, open the snmpd.conf file and add the following line: 
dlmod Gwsnmp /opt/novell/groupwise/agents/lib/libgwsnmp.so 


5 Save the snmpd. conf file and exit the text editor. 


6 Restart the SNMP daemon (snmpd) to put the changes into effect. 





IMPORTANT: Make sure that the SNMP daemon always starts before the POA starts. 





7 Skip to Section 37.6.2, “Copying and Compiling the POA MIB File,” on page 543. 


Setting Up SNMP Services for the Windows POA 


SNMP support is provided for up to eight Windows POAs on the same Windows server. Upon 
startup, each instance of the POA is dynamically assigned a row in its SNMP table. View the 
contents of the POA MIB for a description of the SNMP variables in the table. See Section 37.6.2, 
“Copying and Compiling the POA MIB File,” on page 543 for more information about MIB files. 


To set up SNMP services for the Windows POA, complete the following tasks: 
+ “Installing Windows SNMP Support” on page 542 
+ “Installing GroupWise Agent SNMP Support” on page 543 

Installing Windows SNMP Support 


For Windows, the SNMP service is usually not included during the initial operating system 
installation. The SNMP service can be easily added at any time. To add or configure the SNMP 
service, you must be logged in as a member of the Administrator group. 


For example, to add the SNMP service to a Windows 2000 server: 


1 From the Control Panel, double-click Add/Remove Programs. 

2 Click Add/Remove Windows Components. 

3 Select Management and Monitoring Tools. 

4 Click Details, then select Simple Network Management Protocol. 


Continue with “Installing GroupWise Agent SNMP Support” on page 543. 
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Installing GroupWise Agent SNMP Support 


The Group Wise Agent Installation program includes an option for installing SNMP support. 
However, if the server where you installed the agents did not yet have SNMP set up, that installation 
option was not available. Now that you have set up SNMP, you can install GroupWise agent SNMP 
support. 


At the Windows server where you want to install the GroupWise agent SNMP support: 


1 Run setup.exe at the root of the GroupWise 7 Administrator for NetWare/Windows CD. 
Click Install Products > GroupWise Agents > Install GroupWise Agents. 


or 


Run install.exe from the agents subdirectory on the GroupWise 7 Administrator for 
NetWare/Windows CD or in your software distribution directory if you have updated it with the 
latest Group Wise software. 


2 Inthe Installation Path dialog box, browse to and select the path where the agent software is 
installed, then select Install and Configure SNMP for GroupWise Agents. 


3 To shorten the install time, deselect Install GroupWise Agent Software. 


4 Continue through the rest of the installation process as prompted by the Agent Installation 
program. 


The Agent Installation program copies the SNMP support files to the agent installation 
directory, makes the appropriate Windows registry entries, and restarts the Windows SNMP 
service. 


5 Continue with Copying and Compiling the POA MIB File. 


37.6.2 Copying and Compiling the POA MIB File 


An SNMP-enabled POA returns information contained in a Management Information Base (MIB). 
The MIB is an ASCII data structure that defines the information gathered. It also defines the 
properties that can be monitored and managed on the SNMP-enabled POA. 


Before you can monitor an SNMP-enabled POA, you must compile the gwpoa.mib file using your 
SNMP management program. 


NetWare The GroupWise MIBs are located on the GroupWise 7 Administrator for NetWare/ 

and Windows CD inthe \agents\snmp directory or in the 

Windows: software distribution directory\agents\snmp directory if you have 
updated it with the latest GroupWise software. 


Linux: The GroupWise MIBs are located on the GroupWise Administrator for Linux CD in the / 
agents/snmp directory. 


1 Copy the gwpoa.mib file to the location required by your SNMP management program. 
ZENworks Server Management users can access the gwpoa.mib file in the software 
distribution directory. 

2 Compile or import the gwpoa.mib file as required by your SNMP management program. 
For example, to compile the gwpoa.mib file for ZENworks Server Management: 


2a In ConsoleOne, right-click the Site Server object, then click Properties > MIB Pool. 
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2b Click Modify Pool > Add. 
2c Browse to and select the gwpoa .mib file, then click OK. 
2d Click Compile. 


2e Make sure that the server where the POA is running is configured to send SNMP traps to 
the ZENworks Server Management Site Server. 


NetWare: Add the IP address or hostname of the ZENworks Server Management Site 
Server to the traptarg.cfg file in the sys:\etc directory. 


Windows: Add the IP address or hostname of the ZENworks Server Management Site 
Server to the list of trap destinations. For example, from the Windows 2000 
Control Panel, double-click Administrative Tools, then click Services > SNMP 
Service > Properties > Traps. 


Refer to your SNMP management program documentation for specific instructions. 
3 Continue with Configuring the POA for SNMP Monitoring. 


37.6.3 Configuring the POA for SNMP Monitoring 


In order for SNMP monitoring programs to monitor the POA, the POA must be configured with a 
network address and SNMP community string. 

1 Browse to and right-click the POA object, then click Properties. 

2 Click GroupWise > Network Address to display the Network Address page. 


3 Click the pencil icon to provide the TCP/IP address or IPX™/SPX™ address of the server 
where the POA runs, then click Apply. 


4 Click GroupWise > Agent Settings page, then scroll to the bottom of the settings list. 
5 Provide your system SNMP community GET string, then click OK. 
ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


The POA should now be visible to your SNMP monitoring program. 


37.7 Notifying the GroupWise Administrator 


If you want to be notified with an e-mail message whenever POAs encounter critical errors, you can 
designate yourself as an administrator of the domain where the post offices are located. 


1 In ConsoleOne, browse to and right-click the Domain object, then click Properties to display 
the Identification page. 
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Properties of Provoi 


GroupWise v | nos Rights v | Other | Rights to Files and Folders: | 
Identification | 


Domain: 





Description: 





UNC Path: WIBD-NVisysigwsystem 





Language: English - US 


Domain Type: Primary 





Time Zone: (GMT-07:00) Mountain Time (US & Canada) 


Database Version: i 





Network Type: Novell NetWare 











Administrator: 


Page Options... | Cancel | 








2 Inthe Administrator field, browse to and select your Group Wise user ID. 


A domain can have a single administrator, or you can create a group of users to function as 
administrators. 


3 Click OK to save the administrator information. 
The selected user or group then begins receiving e-mail messages whenever POAs servicing 


post offices in the domain encounter critical errors. 


Corresponding Startup Switches 
By default, the POA generates error mail if an administrator has been assigned for the domain. 
Error mail can be turned off using the /noerrormail switch in the POA startup file. 


POA Web Console 
Another way to receive e-mail notification of POA problems is to use GroupWise Monitor to access 
the POA Web console. See Section 59.5.1, “Configuring E-Mail Notification,” on page 979. 


37.8 Using the POA Error Message 
Documentation 
POA error messages are documented with the source and explanation of the error, possible causes of 


the error, and actions to take to resolve the error. See “Post Office Agent Error Messages” in 
GroupWise 7 Troubleshooting 1: Error Messages. 


37.9 Employing POA Troubleshooting 
Techniques 

If you are having a problem with the POA but are not receiving a specific error message, or if the 
suggested actions for the specific error did not resolve the problem, you can review more general 


troubleshooting strategies for dealing with POA problems. See “Strategies for Agent Problems” in 
GroupWise 7 Troubleshooting 2: Solutions to Common Problems. 
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37.10 Using Platform-Specific POA Monitoring 
Tools 


Each operating system where the GroupWise POA runs provides tools for monitoring programs. 


NetWare: You can use the NetWare Monitor NLM to monitor the effects of the POA on the NetWare 
server. NetWare 6.x/OES provides monitoring tools that you can use from your Web 
browser. Processor, resource, and memory utilization can be compared to other non- 
GroupWise NLM programs to determine if the POA NLM program is monopolizing 
resources. See your NetWare documentation for additional monitoring suggestions. 


Linux: You can use SNMP tools like snmpget and snmpwalk that allow you to retrieve the data 
about all the services registered with the SNMP service. These tools are part of the NET- 
SNMP package. See your Linux documentation for additional monitoring suggestions. 


Windows: You can use the Performance Monitor in Windows Administrator Tools to gather similar 
information. See your Windows documentation for additional monitoring suggestions. 


546 GroupWise 7 Administration Guide 


Optimizing the POA 


You can adjust how the POA functions to optimize its performance. Before attempting optimization, 
you should run the POA long enough to observe its efficiency and its impact on other network 
applications running on the same server. See Chapter 37, “Monitoring the POA,” on page 515. 


Also, remember that optimizing your network hardware and operating system can make a difference 
in POA performance. 


The following topics help you optimize the POA: 


+ Section 38.1, “Optimizing Client/Server Processing,” on page 547 

¢ Section 38.2, “Optimizing Message File Processing,” on page 552 

¢ Section 38.3, “Optimizing Indexing,” on page 554 

+ Section 38.4, “Optimizing Database Maintenance,” on page 559 

+ Section 38.5, “Optimizing CPU Utilization for the NetWare POA,” on page 562 


38.1 Optimizing Client/Server Processing 


If you run only one POA for the post office, you can adjust the number of POA threads and 
connections for client/server processing. If client/server processing needs are extremely heavy for a 
post office, you can set up a dedicated client/server POA to meet those needs. 


+ Section 38.1.1, “Adjusting the Number of POA Threads for Client/Server Processing,” on 
page 547 

+ Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” on 
page 549 


+ Section 38.1.3, “Configuring a Dedicated Client/Server POA,” on page 550 


38.1.1 Adjusting the Number of POA Threads for Client/Server 
Processing 


If the POA is configured with client/server processing enabled, it starts TCP handler threads to 
respond to current client/server requests, up to the number of threads specified by the TCP Handler 
Threads option. To respond to occasional heavy loads, the POA can increase the number of TCP 
handler threads above the specified amount if CPU utilization is below the threshold established by 
the CPU Utilization setting. When the POA rereads its configuration information, the number of 
TCP handler threads drops back within the configured limit. You can determine how often this 
happens by checking the Client/Server Pending Requests History page at the POA Web console. 


If the POA is frequently not keeping up with the client/server requests from GroupWise® client 
users, you can increase the maximum number of TCP handler threads so the POA can create 
additional threads as needed. The default is 10 TCP handler threads; valid values range from | to 40. 


If GroupWise client users cannot connect to the POA immediately or if response is sluggish, you can 
increase the number of threads. 


1 In ConsoleOne®, browse to and right-click the POA object, then click Properties. 
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2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders | 


Message File Processing: lan +] 

Message Handler Threads: 6 4 
IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [ 10 4 
Max Physical Connections: [1024 4 
Max App Connections: | 2048 + 
IV Enable Caching 
CPU Ltization (NetWare): [85 $ percent 


Delay Time (NetWare): 100 > miliseconds 
Max Thread Usage for Priming and Moves: 30 + percent 
T Enable IMAP 





Max IMAP Threads: 50 +] 
I” Enable SOAP 





Max SOAP Threads: 20 3 
T Disable Administration Task Processing 


IV Enable SNMP 





CRAN Annana naibi ME Al China 


Page Options... | Cancel | 








3 Increase the number in the TCP Handler Threads field to increase the maximum number of 
threads the POA can create for client/server processing. 


The optimum number of threads for a POA is affected by many factors, including available 
system resources, number of users in Caching mode, number of users priming Caching 
mailboxes, and so on. 

Plan on at least one TCP handler thread per 20-30 client/server users. Or, you can increase the 
number of TCP handler threads in increments of three to five threads until acceptable 
throughput is reached. Another approach would be to set the value high initially and then 
monitor thread usage with the C/S Handler Threads link on the Status page of the POA Web 
console. If some of the threads always have a count of 0 (zero), meaning they are never used, 
you can decrease the number of TCP handler threads accordingly. 


4 Click OK to save the new thread setting. 
ConsoleOne then notifies the POA to restart so the new thread setting can be put into effect. 


Corresponding Startup Switches 
You can also use the /tcpthreads switch in the POA startup file to adjust the number of POA threads. 


POA Web Console 

The Status page helps you assess whether the POA is currently meeting the client/server needs of the 
post office. Under the Thread Status heading, click C/S Handler Threads to display the workload 
and status of the client/server handler threads. 


You can change the number of client/server handler threads on the Configuration page. Under 
Performance Settings, click Client/Server Processing Threads. 
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38.1.2 Adjusting the Number of Connections for Client/Server 


Processing 


Connections are the number of “sockets” through which client/server requests are communicated 


from the GroupWise client to the POA. 


+ Application connections: Each GroupWise user uses one application connection when he or 
she starts GroupWise. Depending on what activities the user is doing in the GroupWise client, 
additional application connections are used. For example, the GroupWise Address Book and 
GroupWise Notify use individual application connections. The default maximum number of 
application connections is 2048. You should plan about 3 to 4 application connections per user, 


so the default is appropriate for a post office of about 500 users. 


+ Physical connections: Each GroupWise user could have zero or multiple active physical 
connections. One physical connection can accommodate multiple application connections. 
Inactive physical connections periodically time out and are then closed by the clients and the 
POA. The default maximum number of physical connections is 1024. You should plan about 1 
to 2 physical connections per user, so the default is appropriate for a post office of about 500 


users. 


If the POA is configured with too few connections to accommodate the number of users in the post 
office, the POA can encounter an error condition such as “GWPOA: Application connection table 


full”. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 


NDS Rights + | Other | Rights to Files and Folders | 


Message File Processing: lan +] 

Message Handler Threads: 6 4 
IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [40 4 
Max Physical Connections: [1024 4 
Max App Connections: [ 2048 + 
IV Enable Caching 
CPU Utilization (NetWare): [85 i percent 

Delay Time (NetWare): [ 100 4 milliseconds 
Max Thread Usage for Priming and Moves: 30 + percent 

[ Enable IMAP 
Max IMAP Threads: [50 4 
[ Enable SOAP 





Max SOAP Threads: 20 + 





[7 Disable Administration Task Processing 


IV Enable SNMP 








RIMM Creme nits ntl bine 


Page Options... | 





Cancel | 





3 Increase the number in the Max Physical Connections field to increase the amount of TCP/IP 


traffic the POA can accommodate. 


4 Increase the number in the Max App Connections field to increase the number of activities the 


attached users can perform concurrently. 


5 Click OK to save the new connection settings. 
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ConsoleOne then notifies the POA to restart so the new connection settings can be put into 
effect. 


Corresponding Startup Switches 
You can also use the /maxappconns and /maxphysconns switches in the POA startup file to adjust 
the POA client/server processing. 


POA Web Console 

The Status page helps you assess whether the POA is currently meeting the client/server needs of the 
post office. Under the Statistics heading, click C/S Requests Pending. You can also manually select 
multiple log files to search in order to display a history of times during the last 24 hours when the 
POA was unable to respond immediately to client/server requests. 


38.1.3 Configuring a Dedicated Client/Server POA 


When Group Wise users access the post office in client/server mode, the responsiveness of the 
GroupWise client depends entirely on the ability of the POA to handle the load placed upon it by the 
users. When you configure a dedicated client/server POA, GroupWise client users do not compete 
with other POA activities. 


Because many POA functions are disabled when a POA is dedicated to client/server processing, you 
must run at least one other POA for the post office to take care of the POA functions that the 
dedicated client/server POA is not performing. This additional POA could be a multipurpose POA, 
or you could configure additional POAs dedicated to specific types of processing. 


To configure a dedicated client/server POA: 


1 Create a new POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 476. 


2 Right-click the new POA object, then click Properties. 
3 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 

GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 

Agent Settings 
Message File Processing: ot 7] 
Message Handler Threads: 6 i 
IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [10 4 
Max Physical Connections: [ 2000 + 


Max App Connections: 4000 4 


IV Enable Caching 
CPU Utilization (NetWare): [ 85 S| percent 
Delay Time (NetWare): [ 100 4 milliseconds: 
Max Thread Usage for Priming and Moves: [20 4 percent 
IV Enable IMAP 
Max IMAP Threads: [ 50] 
IV Enable SOAP 








Max SOAP Threads: 


[V Disable Administration Task Processing 





[V Enable SNMP 





CRAN Pons naih NO mt Ohver 


Page Options... Cancel | Apply | Help 








4 Make sure Enable TCP/IP (for Client/Server) is selected. 
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Increase the number in the TCP Handler Threads field as needed to increase the maximum 
number of threads the POA can create. 


The optimum number of threads for a POA is affected by many factors, including available 
system resources, number of users in Caching mode, number of users priming Caching 
mailboxes, and so on. 


Plan on at least one TCP handler thread per 20-30 client/server users. Or, you can increase the 
number of TCP handler threads in increments of three to five threads until acceptable 
throughput is reached. Another approach would be to set the value high initially and then 
monitor thread usage with the C/S Handler Threads link on the Status page of the POA Web 
console. If some of the threads always have a count of 0 (zero), meaning they are never used, 
you can decrease the number of TCP handler threads accordingly. 


Increase the number in the Max Physical Connections field as needed to increase the amount of 
TCP/IP traffic the POA can accommodate. 


Plan on one to two physical connections per user in the post office. 


Increase the number in the Max App Connections field as needed to increase the number of 
activities the attached users can perform concurrently. 


Plan on three to four application connections per user in the post office. 


Set Message File Processing to Off. Make sure another POA handles message file processing. 


9 Select Disable Administration Task Processing, so that this POA does not run an admin thread. 


13 
14 


15 


16 


17 
18 


19 


20 


Make sure that another POA handles administration tasks. 

Click Apply to save the updated information on the Agent Settings page. 

Click GroupWise > QuickFinder. 

Deselect Enable QuickFinder Indexing, then click Apply. Make sure another POA handles 
indexing. 

Click GroupWise > Maintenance. 


Deselect Enable Automatic Database Recovery. Make sure another POA handles database 
recovery. 


Set Maintenance Handler Threads to 0 (zero). Make sure another POA handles database 
maintenance and disk space management. 


Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure 
another POA handles these tasks. 


Click OK to save the new settings for dedicated client/server processing. 


Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


Add the /name switch to the POA startup file and specify the name designated when you 
created the new POA object. Also add the /name switch to the startup file for the original POA. 


Start the dedicated client/server POA. 


Corresponding Startup Switches 

You can also use the /nomf, /nogf, /norecover, /nogwchk, /nonuu, and /nordab switches in the POA 
startup file to disable non-client/server processing, then use the /tcpthreads, /maxappconns, and / 
maxphysconns switches to adjust the POA client/server processing. 
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38.2 Optimizing Message File Processing 


If you run only one POA for the post office, you can adjust the number of POA threads for message 
file processing. If message file processing needs are extremely heavy for a post office, you can set 
up a dedicated message file processing POA to meet those needs. 


¢ Section 38.2.1, “Adjusting the Number of POA Threads for Message File Processing,” on 
page 552 


+ Section 38.2.2, “Configuring a Dedicated Message File Processing POA,” on page 553 


38.2.1 Adjusting the Number of POA Threads for Message File 
Processing 


If the POA is configured for message file processing, it starts the number of threads specified by the 
Message Handler Threads option. Message handler threads deliver messages to users mailboxes. 
The default number of message handler threads is 6; valid values range from 1 to 30. 


The more message threads the POA uses, the faster it can process messages. However, the more 
threads the POA uses, the fewer resources are available to other processes running on the server. 


To adjust the number of POA message handler threads: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 
DS Rights + | Other | Rights to Files and Folders | 


Message File Processing: lan +] 

Message Handler Threads: 6 + 
IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [10 4 
Max Physical Connections: [1024 4 
Max App Connections: | 2048 4 
Enable Caching 
CPU Utilization (NetWare): [85 $ percent 


Delay Time (NetWare): 100 4 milliseconds. 


Max Thread Usage for Priming and Moves: | 30 + percent 
T Enable IMAP 
Max IMAP Threads: [504 
[ Enable SOAP 








Max SOAP Threads: 20 + 





[ Disable Administration Task Processing 


IV Enable SNMP 





RIMM Pomme naihi MO tt bine 


Page Options... | Cancel | 








3 Increase the number in the Message Handler Threads field. 


For example, you could increase the number of threads in increments of three to five threads 
until acceptable throughput is reached. The optimum number of threads for a POA is affected 
by many factors, including available system resources. 


4 Click OK to save the new thread setting. 


ConsoleOne then notifies the POA to restart so the new setting can be put into effect. 
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Corresponding Startup Switches 
You can also use the /threads switch in the POA startup file to adjust the number of message handler 
threads. 


POA Web Console 
The Status page helps you assess whether the POA is currently meeting the message file processing 
needs of the post office. Under the Thread Status heading, click Message File Processing Threads to 
display the workload and status of the message handler threads. 


You can change the number of message handler threads on the Configuration page. Under 
Performance Settings, click Message File Processing Threads. 


38.2.2 Configuring a Dedicated Message File Processing POA 


If client/server processing is being handled by a dedicated client/server POA, you can set up one or 
more other POAs to handle other POA functions such as message file processing. 


1 Create a new POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 476. 


Right-click the new POA object, then click Properties. 


2 
3 


Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 


GroupWise v | NDS Rights + | Other | Rights to Files and Folders | 


Message File Processing: 

Message Handler Threads: 

I” Enable TCPAP (for Client/Server) 
TCP Handler Threads: 

Max Physical Connections: 

Max App Connections: 

IV Enable Caching 

CPU Utilization (NetWare): 

Delay Time (NetWare): 

Max Thread Usage for Priming and Moves: 
[ Enable IMAP 

Max IMAP Threads: 

[ Enable SOAP 





IV Enable SNMP 


RIMM Pons nai M ntl belie 


Page Options... 





All y 
30 + 


e 
1024 +] 


2048 | 


85 4 percent 
100 4 milliseconds: 
20 4 percent 





50 + 





20 + 





cancel | Apply | Help 





Set Message File Processing to the desired level for this message file processing POA. 


If you are using just one message file processing POA, set Message File Processing to All. 


For additional load balancing, you could set up two message file processing POAs, one with 
Message File Processing set to High to handle Busy Searches and reguests from Remote client 
users promptly, and a second with Message File Processing set to Low to handle regular 
message delivery in the post office. 


Increase the number in the Message Handler Threads field as needed. 


You can configure as many as 30 message handler threads. The optimum number is affected by 
many factors, including available system resources. 
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6 Deselect Enable TCP/IP (for Client/Server). Make sure another POA handles client/server 
processing. 


7 Select Disable Administration Task Processing, so that this POA does not run an admin thread. 
Make sure that another POA handles administration tasks. 


8 Click Apply to save the updated information on the Agent Settings page. 
9 Click GroupWise > QuickFinder. 


10 Deselect Enable QuickFinder Indexing, then click Apply. Make sure another POA handles 
indexing. 


11 Click GroupWise > Maintenance. 


12 Deselect Enable Automatic Database Recovery. Make sure another POA handles database 
recovery. 


13 Set Maintenance Handler Threads to 0 (zero). Make sure another POA handles database 
maintenance and disk space management. 


14 Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure 
another POA handles these tasks. 


15 Click OK to save the new settings for dedicated message file processing. 


16 Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


17 Add the /name switch to the POA startup file and specify the name designated when the new 
POA object was created. Also add the /name switch to the startup file for the original POA. 


18 Start the dedicated message file processing POA. 
Corresponding Startup Switches 
You can also use the /notcpip, /noqf, /norecover, /nogwchk, /nonuu, and /nordab switches in the 


POA startup file to disable non-message file processing, then use the /nomfhigh and /nomflow 
switches in the POA startup file to adjust the POA message file processing. 


38.3 Optimizing Indexing 


If you run only one POA for the post office, you can adjust the indexing schedule. If indexing needs 
are extremely heavy for a post office, you can set up a dedicated indexing POA to meet those needs. 
¢ Section 38.3.1, “Regulating Indexing,” on page 555 
+ Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556 
¢ Section 38.3.3, “Customizing Indexing,” on page 557 





NOTE: To facilitate the Find feature in the GroupWise client, the POA searches unindexed 
messages as well as those that have already been indexed, so that all messages are immediately 
available to users whenever they perform a search. The POA does not search unindexed documents, 
so documents cannot be located using the client Find feature until after indexing has been 
performed. 
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38.3.1 Regulating Indexing 


By default, the POA indexes messages and documents in the post office every 24 hours at 8:00 p.m. 
You can modify this interval if users need messages and documents indexed more quickly. To start 
indexing immediately, see “Updating QuickFinder Indexes” on page 527. 


To adjust the interval at which indexing occurs: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > QuickFinder to display the QuickFinder page. 


Properties of POA 
DS Rights + | Other | Rights to Files and Folders | 


IV Enable QuickFinder Indexing 
Start QuickFinder Indexing: 20 4 minutes: 














QuickFinder Interval: 24 4 minutes: 


Page Options... Cancel | Apply 








3 Make sure Enable QuickFinder Indexing is selected. 


4 In the Start QuickFinder Indexing field, specify the number of hours and minutes after 
midnight you want the POA to start its indexing cycle. 


For example, if you set QuickFinder Interval to 6 and Start OuickFinder Indexing to 1 hour, 
indexing cycles would occur at 1:00 a.m., 7:00 a.m., 1:00 p.m., and 7:00 p.m. 


5 Decrease the number of hours and minutes in the QuickFinder Interval field so indexing occurs 
more frequently. 


The interval is measured from the start of one indexing cycle to the next, so that indexing starts 
at regular intervals, no matter how long each indexing session takes. By default, the start point 
of the cycle is 8:00 p.m. 


To avoid overloading the POA with indexing processing, a maximum of 1000 items are 
indexed per database for each indexing cycle. If a very large number of messages are received 
regularly, you should configure the POA with frequent indexing cycles in order to get all 
messages indexed in a timely manner. 


To handle occasional heavy indexing requirements, you can start indexing manually. See 
“Updating QuickFinder Indexes” on page 527. 


6 Click OK to save the new indexing settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 
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Corresponding Startup Switches 
You can also use the /qfinterval, /qfintervalinminute, /qfbaseoffset, and /qfbaseoffsetinminute 
switches in the POA startup file to regulate indexing. 


POA Web Console 

You can control indexing for the current POA session on the Configuration page. Under the General 
Settings heading, click QuickFinder Indexing. If indexing is currently in progress, you can check the 
status of the indexing process on the Scheduled Events page. 


38.3.2 Configuring a Dedicated Indexing POA 


If your Group Wise client users rely heavily on indexed documents, you can set up a dedicated 
indexing POA so that indexing can be done quickly without impacting other POA functions. The 
steps provided in this section would be appropriate for a basic indexing POA. For a discussion of 
more complex configuration options, see Section 23.3, “Indexing Documents,” on page 351. 


To configure a basic dedicated indexing POA: 


1 Create a new POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 476. 


2 Right-click the new POA object, then click Properties. 
3 Click GroupWise > QuickFinder to display the QuickFinder page. 


Properties of POA 
GroupWise v | NDS Rights v | Other | Rights to Files and Folders | 
QuickFinder 


IV Enable GuickFinder Indexing 
Start QuickFinder Indexing: 0 +] minutes 











QuickFinder Interval: 0 + minutes 


Page Options... Cancel | Apply 








4 Make sure Enable QuickFinder Indexing is selected. 


5 Inthe Start QuickFinder Indexing field, specify the number of hours and minutes after 
midnight you want the POA to start its indexing cycle. 


The default is 20, meaning at 8:00 p.m. 


6 Set QuickFinder Update Interval low enough to keep up with the indexing demands of your 
Group Wise client users. 


To avoid overloading the POA with indexing processing, a maximum of 1000 items are 
indexed per database for each indexing cycle. If a very large number of messages are received 
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regularly, you should configure the POA with very frequent indexing cycles in order to get all 
messages indexed in a timely manner. 


For continuous QuickFinder™ indexing, set QuickFinder Update Interval to 0 (zero). 
7 Click Apply to save the updated QuickFinder settings. 
8 Click GroupWise > Agent Settings. 
9 Set Message File Processing to Off. Make sure another POA handles message file processing. 


10 Deselect Enable TCP/IP (for Client/Server) and set TCP Handler Threads to 0. Make sure 
another POA handles client/server processing. 


11 Select Disable Administration Task Processing, so that this POA does not run an admin thread. 
Make sure that another POA handles administration tasks. 


12 Click Apply to save the updated agent settings. 
13 Click GroupWise > Maintenance. 


14 Deselect Enable Automatic Database Recovery. Make sure another POA handles database 
recovery. 


15 Set Maintenance Handler Threads to 0 (zero). Make sure another POA handles database 
maintenance and disk space management. 


16 Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure 
another POA handles these tasks. 


17 Click OK to save the new settings for dedicated indexing. 


18 Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


19 Add the /name switch to the POA startup file and specify the name designated when the new 
POA object was created. Also add the /name switch to the startup file for the original POA. 


20 Start the dedicated indexing POA. 


Corresponding Startup Switches 

You can also use the /nomf, /notcpip, /norecover, /nonuu, and /nordab switches in the POA startup 
file to disable unwanted processing, then use the /qfinterval, /qfintervalinminute, /qfbaseoffset, and / 
qfbaseoffsetinminute switches to control the indexing schedule. 


38.3.3 Customizing Indexing 


By default, the POA indexes 500 items in a user or library database, then moves on to the next 
database during each QuickFinder indexing cycle. The indexing cycle is established on the 
QuickFinder property page of the POA object. By default, QuickFinder indexing is performed once 
a day at 8:00 p.m. If a database has more than 500 items that need to be indexed, items beyond 500 
wait for the next indexing cycle. 


Occasionally, circumstances arise where indexing needs are especially heavy for a short period of 
time. This can occur when you move users to a different post office or if the QuickFinder indexes for 
a post office become damaged. Startup switches are available for temporary use in the POA startup 
file to customize the way the POA handles indexing. In general, they are not intended for long-term 
use. You might want to set up a separate POA just to handle the temporary indexing needs, as 
described in Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556, and use these 
switches only with the dedicated indexing POA. 
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Because the switches are placed in the POA startup file, you must stop and then start the POA to put 
the settings into effect. 


+ “Determining What to Index” on page 558 
+ “Determining Indexing Priority” on page 558 


+ “Reclaiming Disk Space” on page 559 


Determining What to Index 


You can configure the POA to index just user mailbox contents or just library contents. Use the / 
qfnousers switch to focus on indexing library contents. Use the /qfnolibs switch to focus on indexing 
user mailbox contents. Use the /qfnopreproc switch to suppress even the generation of document 
word lists that are normally written to user databases that reference documents. 


When you have a large number of user databases that need to be indexed, you can configure the 
POA to index a specific range of databases based on user FIDs. For a task of this magnitude, you 
should run multiple dedicated indexing POAs with each POA configured to process a specific range 
of databases. Use the /qfuserfidbeg and /qfuserfidend switches to define the range for each POA. 
You can determine the FID numbers of the databases by listing the user databases (userxxx. db) 
in the ofuser directory. The xxx part of the user database name is the FID. 


You could also use these switches to single out a specific user database for indexing. Specify the 
same FID for both switches. To determine a user’s FID, click Help > About GroupWise in the 
GroupWise client. In Online mode, the FID is displayed after the username. In Caching or Remote 
mode, the FID is the last three characters of the Caching or Remote directory (for example, 
c:\novell\groupwise\gwstr7bh). 


Determining Indexing Priority 


The POA carries on many processes at once. If you are not using a dedicated indexing POA, you can 
configure the POA to make indexing a higher or lower priority task than responding to users’ 
activities in their mailboxes. You can also control how many items the POA indexes in each 
database that it processes. Use the /qflevel switch to control indexing priority. The table below 
explains the priority levels: 


Table 38-1 QuickFinder Indexing Priority Levels 


Priority Level Description 
0 Index a maximum of 1000 items at a time, rather than the default of 500. 
1 Index a maximum of 500 items at time, using a low-priority thread. This keeps frequent 


daytime indexing cycles from interfering with users’ activities in their mailboxes. 


2 Index a maximum of 1000 items at a time, using a medium-priority thread. This allows 
additional items in each database to be processed in each indexing cycle. Using a 
medium-priority thread makes indexing more important than some user activities in 
mailboxes. Users might notice some slowness in response from the GroupWise client. 


3 Index a maximum of 2000 items at a time, using a high-priority thread. Using a high- 
priority thread makes indexing more important than many user activities in mailboxes. 
Users will notice some slowness in response from the GroupWise client. This is 
warranted only when the immediate completion of indexing is extremely important. 
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Priority Level Description 


999 Index constantly until all databases have been indexed, then wait until the next indexing 
cycle set on the QuickFinder property page of the POA object before starting to index 
again. 


If you have users who consistently receive more items than are processed during your current daily 
indexing cycle, you could implement an appropriate /qflevel setting for permanent use. 


Reclaiming Disk Space 


The POA uses . idx files to store compressed indexes. It uses . inc files to store incremental 
indexes that have not yet been compressed. At regular intervals, the POA compresses the contents of 
the . inc files and adds the data to the . idx files. Afterwards, it retains the previous . idx and 

. inc files for a period of time. Use the /qfdeleteold switch to delete the previous versions of the 

. idx and .inc files to conserve disk space during periods of heavy indexing. It is primarily 
applicable when using /qflevel=1 where indexing is a lower priority task. For /qflevel=2 and / 
qflevel=3, indexing itself is a higher priority than compression and deletion cleanup tasks. 


38.4 Optimizing Database Maintenance 


If you run only one POA for the post office, you can adjust the number of database maintenance 
threads. If database maintenance needs are extremely heavy for a post office, you can set up a 
dedicated database maintenance POA to meet those needs. 


+ Section 38.4.1, “Adjusting the Number of POA Threads for Database Maintenance,” on 
page 559 


¢ Section 38.4.2, “Configuring a Dedicated Database Maintenance POA,” on page 560 


38.4.1 Adjusting the Number of POA Threads for Database 
Maintenance 


The POA by default performs a certain amount of database maintenance. In addition, you can create 
your own customized maintenance events as described in Section 36.4.1, “Scheduling Database 
Maintenance,” on page 507 and Section 36.4.2, “Scheduling Disk Space Management,” on 

page 510. 


By default, the POA starts one thread to handle all POA scheduled events and also all usage of the 
Mailbox/Library Maintenance feature in ConsoleOne. 


To adjust the number of POA database maintenance handler threads: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Maintenance to display the Maintenance page. 
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Properties of POA 
IDS Rights v | Other | Rights to Files and Folders: | 


IV Enable Automatic Database Recovery 
Maintenance Handler Threads: 4 
IV Perform User Upkeep 
Start User Upkeep: 1 2] hours after midnight 
IV Generate Address Book for Remote 
Start Address Book Generation: [o hours after midnight 


Disk Check Interval: minutes 








Disk Check Delay: hours 





Page Options... | Cancel | 





3 Increase the number in the Maintenance Handler Threads field. 
4 Click OK to save the new thread setting. 
ConsoleOne then notifies the POA to restart so the new setting can be put into effect. 
Corresponding Startup Switches 


You can also use the /gwchkthreads switch in the POA startup file to increase the number of POA 
threads started for database maintenance activities. 


POA Web Console 

The Status page helps you assess whether the POA is currently meeting the database maintenance 
needs of the post office. Under the Thread Status heading, click GWCheck Worker Threads to 
display the workload and status of the database maintenance handler threads. 


You can change the number of database maintenance handler threads on the Configuration page. 
Under Performance Settings, click Maximum GWCheck Processing Threads. 


38.4.2 Configuring a Dedicated Database Maintenance POA 


If a large amount of database maintenance needs to be performed for a post office, you can set up a 
dedicated database maintenance POA so that the database maintenance activities do not impact 
other POA activities, such as responding to GroupWise client users. 


1 Create a new POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 476. 
2 Right-click the new POA object, then click Properties. 


3 Click GroupWise > Maintenance to display the Maintenance page. 
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Properties of POA 
GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 
Maintenance 
IV Enable Automatic Database Recovery 
Maintenance Handler Threads: 
T Perform User Upkeep 
Start hours after midnight 


Start Address Book Generation: hours after midnight 


Disk Check Interval: minutes: 








Disk Check Delay: hours 


Page Options... Cancel | Appy | Hep | 








4 Make sure Enable Automatic Database Recovery is selected. 
5 Set Maintenance Handler Threads as needed. 
The maximum number of threads you can start for database maintenance is 8. 


6 Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure 
another POA handles these tasks. 


7 Set Disk Check Interval and Disk Check Delay as appropriate for the database maintenance 
events you plan to schedule. 


8 Click Apply to save the updated information on the Maintenance page. 


9 Click GroupWise > Scheduled Events, then create database maintenance events as needed, as 
described in Section 36.4.1, “Scheduling Database Maintenance,” on page 507 and 
Section 36.4.2, “Scheduling Disk Space Management,” on page 510. 


10 Click GroupWise > Agent Settings. 


11 Deselect Enable TCP/IP (for Client/Server) and set TCP Handler Threads to 0. Make sure 
another POA handles client/server processing. 


12 Click Apply to save the updated information on the Agent Settings page. 

13 Click GroupWise > QuickFinder. 

14 Deselect Enable QuickFinder Indexing. Make sure another POA handles indexing. 
15 Click OK to save the new settings for dedicated database maintenance processing. 


16 Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


17 Add the /name switch to the POA startup file and specify the name designated when you 
created the new POA object. Also add the /name switch to the startup file for the original POA. 


18 Start the dedicated database maintenance POA. 


Corresponding Startup Switches 

You can also use the /nomf, /notcpip, /nogf, /nonuu, and /nordab switches in the POA startup file to 
disable unwanted processing, then use the /gwchkthreads switch to increase the number of database 
maintenance handler threads. 
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38.5 Optimizing CPU Utilization for the NetWare 
POA 


To ensure that it does not dominate the NetWare server CPU, the NetWare POA has a CPU 
utilization threshold. The default CPU utilization threshold for the NetWare POA is 85 percent. You 
can change this threshold using the CPU Utilization option. If CPU utilization exceeds the threshold 
by 5 percent, any idle NetWare POA threads remain idle for the number of milliseconds set by the 
Delay Time option. This cycle continues until CPU utilization drops below the CPU utilization 
threshold. 


To determine the optimum utilization setting for your network, you must consider the following 
factors: 


+ Amount of available memory 
+ Demands of other network applications 


¢ Type of throughput you want the NetWare POA to provide 


As you raise the utilization threshold, NetWare POA efficiency increases; however, other network 
applications have fewer available resources. As you decrease the utilization threshold, NetWare 
POA efficiency is reduced; however, the NetWare POA cooperates better with other applications 
running on the same server. The best way to determine these settings for your network is to 
experiment. 


To adjust the NetWare POA CPU utilization and delay time: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders | 


Message File Processing: lan +] 

Message Handler Threads: 6 4 
IV Enable TCPAP (for Client/Server) 
TCP Handler Threads: [10 4 
Max Physical Connections: [1024 4 
Max App Connections: | 2048 + 
IV Enable Caching 
CPU Ltiization (NetWare): [85 $ percent 


Delay Time (NetWare): 100 4 milliseconds. 
Max Thread Usage for Priming and Moves: 30 4 percent 


T° Enable MAP 
Max IMAP Threads: 50 + 





[ Enable SOAP 





Max SOAP Threads: 20 + 





[ Disable Administration Task Processing 


IV Enable SNMP 





RIMM Crane nai MO alt Obvia 


Page Options... | Cancel | 








3 Increase the number in the CPU Utilization field to allow the NetWare POA to use more server 
resources. 


or 


Decrease the number in the CPU Utilization field to give the NetWare POA fewer server 
resources so those resources can be used by other programs on the server. 
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4 Decrease the number in the Delay Time field to allow NetWare POA threads to take on new 
tasks more quickly. 


or 


Increase the number in the Delay Time field to force NetWare POA threads to pause before 
taking on new tasks. 


5 Click OK to save the new CPU utilization settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


Corresponding Startup Switches 
You can also use the /cpu and /sleep switches in the POA startup file to adjust CPU utilization and 
delay time. 
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Using POA Startup Switches 


You can override settings provided in ConsoleOne® by using startup switches in the POA startup 
file. When you run the Agent Installation program, an initial POA startup file is created in the agent 
installation directory. It is named using the first 8 characters of the post office name with a . poa 
extension. This initial startup file includes the /home startup switch set to the location of the post 


office directory. 


Startup switches specified on the command line override those in the startup file. Startup switches in 
the startup file override corresponding settings in ConsoleOne. 


The table below summarizes POA startup switches for all platforms and how they correspond to 
configuration settings in ConsoleOne. 


Switch start with: abcdefghijklmnopqrstuvwxyz 


Table 39-1 POA Startup Switches 


NetWare POA 


@filename 
/attemptsresetinterval 
/certfile 

/cap 

/capmaxthreads 
/capport 

/capssl 

/cluster 

/cpu 

/dn 


/enforceclientversion 


/evocontrol 
/externalclientss! 


/gwchkthreads 
/gwclientreleasedate 
/ 


gwclientreleaseversion 


/help 


Linux POA 


@filename 
--attemptsresetinterval 
--certfile 

--cap 
--capmaxthreads 
--capport 

--capssl 

--cluster 

N/A 

N/A 


--enforceclientversion 


--evocontrol 
--externalclientssI 


--gwchkthreads 


--gwclientreleasedate 


--gwclientreleaseversion 


--help 


Windows POA 


@filename 
/attemptsresetinterval 
/certfile 

/cap 

/capmaxthreads 
/capport 

/capssl 

N/A 

N/A 

N/A 


/enforceclientversion 


/evocontrol 
/externalclientss! 


/gwchkthreads 
/gwclientreleasedate 
/ 


gwclientreleaseversion 


/help 


ConsoleOne Settings 
N/A 

Incorrect Login Reset Time 
Certificate File 
Enable CAP 

Max CAP Threads 
CAP Port 

CAP SSL 

N/A 

CPU Utilization 

N/A 


Lock Out Older GroupWise 
Clients 


N/A 
Internet Client/Server SSL 


Maintenance Handler 
Threads 


Minimum Client Release 
Date 


Minimum Client Release 
Version 


N/A 


Using POA Startup Switches 


565 


NetWare POA 
/home 
/nttppassword 
/httpport 
/httprefresh 
/httpssl 
/httpuser 
/imap 
/imapmaxthreads 
/imapport 
/imapreadlimit 
limapssl 


/imapsslport 


/incorrectloginattempts 


/internalclientss| 
/intruderlockout 
lip 

/keyfile 
/keypassword 
language 


/Idapdisablepwdchg 


/\dapipaddr 
/Idapippooln 


/I\dappoolresettime 


/\dapport 
/ldapportpooln 
/\dappwd 
Adapssl 
/ldapssipooln 
/I\dapssikey 
/I\dapsslkeypooln 


/Idaptimeout 


Linux POA 
--home 
--httppassword 
--httpport 
--httprefresh 
--httpssl 
--httpuser 
--imap 
--imapmaxthreads 
--imapport 
--imapreadlimit 
--imapssl 


--imapsslport 


--incorrectloginattempts 


--internalclientssl 
--intruderlockout 
--ip 

--keyfile 
--keypassword 
--language 


--Idapdisablepwdchg 


--Idapipaddr 
--Idapippooln 


--Idappoolresettime 


--Idapport 
--Idapportpooln 
--ldappwd 
--Idapssl 
--Idapsslipooln 
--Idapssikey 
--Idapssikeypooln 


--Idaptimeout 
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Windows POA 
/home 
/nttppassword 
/httpport 
/httprefresh 
/nttpssl 
/httpuser 
/imap 
/imapmaxthreads 
/imapport 
/imapreadlimit 
/imapssl 


/imapsslport 


/incorrectloginattempts 


linternalclientssl 
lintruderlockout 
lip 

/keyfile 
/keypassword 
/language 


/I\dapdisablepwdchg 


/\dapipaddr 
/\dapippooln 


/I\dappoolresettime 


Idapport 
Idapportpooln 
/\dappwd 
/idapssl 
Adapsslpooln 
/\dapssikey 
/dapssikeypooln 


/\daptimeout 


ConsoleOne Settings 

N/A 

HTTP Password 

HTTP Port 

N/A 

HTTP SSL 

HTTP User Name 

IMAP 

Max IMAP Threads 
IMAP Port 

N/A 

IMAP SSL 

IMAP SSL Port 

Incorrect Logins Allowed 
Local Intranet Client SSL 
Enable Intruder Detection 
N/A 

SSL Key File 

SSL Key File Password 
N/A 


Disable LDAP Password 
Changing 


LDAP Server Address 
Select LDAP Servers 


LDAP Pool Server Reset 
Timeout 


LDAP Server Address 
LDAP Server Address 
LDAP Password 

Use SSL 

Use SSL 

SSL Key File 

SSL Key File 


Inactive Connection Timeout 


NetWare POA 
/I\dapuser 
/ldapuserauthmethod 
/lockoutresetinterval 
/log 

/logdays 

Nogdiskoff 

/loglevel 

/logmax 
/maxappconns 
/maxphysconns 
/mtpinipaddr 


/mtpinport 


/mtpoutipaddr 


/mtpoutport 


/mtpsendmax 


/mtpssl 
/name 
/noada 
/nocache 
Inoconfig 
/noerrormail 
/nogwchk 
/noldapx 
/nomf 
/nomfhigh 
/nomflow 
/nomtp 
/nonuu 
Mmogf 


/nordab 


Linux POA 
--Idapuser 
--Ildapuserauthmethod 
--lockoutresetinterval 
--log 

--logdays 
--logdiskoff 

--loglevel 

--logmax 
--maxappconns 
--maxphysconns 
--mtpinipaddr 


--mtpinport 


--mtpoutipaddr 


--mtpoutport 


--mtpsendmax 


--mtpssl 
--name 
--noada 
--nocache 
--noconfig 
--noerrormail 
--nogwchk 
--noldapx 
--nomf 
--nomfhigh 
--nomflow 
--nomtp 
--nonuu 
--nogf 


--nordab 


Windows POA 
/Idapuser 
/ldapuserauthmethod 
/lockoutresetinterval 
log 

llogdays 

logdiskoff 

Moglevel 

/logmax 
/maxappconns 
/maxphysconns 
/mtpinipaddr 


/mtpinport 


/mtpoutipaddr 


/mtpoutport 


/mtpsendmax 


/mtpssl 
/name 
/noada 
/nocache 
Inoconfig 
Inoerrormail 
Inogwchk 
/noldapx 
/nomf 
/nomfhigh 
/nomflow 
/nomtp 
/nonuu 
/noagf 


/nordab 


ConsoleOne Settings 

LDAP User Name 

User Authentication Method 
Lockout Reset Time 

Log File Path 

Max Log File Age 

Logging Level 

Logging Level 

Max Log Disk Space 

Max Application Connections 
Max Physical Connections 
IP Address (POA) 


Message Transfer Port 
(POA) 


IP Address (MTA) 


Message Transfer Port 
(MTA) 


Maximum Send Message 
Size 


Message Transfer SSL 
N/A 

N/A 

Enable Caching 

N/A 

N/A 

N/A 

N/A 

Message File Processing 
Message File Processing 
Message File Processing 
N/A 

Perform User Upkeep 
Enable QuickFinder Indexing 


Generate Address 
Books for Remote 
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NetWare POA 
/norecover 
/nosnmp 


/notcpip 


/nuuoffset 
/password 
/port 


/primingmax 


/qfbaseoffset 
lgfbaseoffsetinminute 
/qfdeleteold 
/qfinterval 
/qfintervalinminute 
/qflevel 

/qfnolibs 
/qfnopreproc 
/qfnousers 
/qfuserfidbeg 
/qfuserfidend 
/rdaboffset 


[rights 

N/A 

/sleep 

/soap 
/soapmaxthreads 
/soapport 
/soapsizelimit 
/soapssl 
/soapthreads 
/tcpthreads 
/threads 


/user 


Linux POA 
--norecover 
--nosnmp 


--notcpip 


--nuuoffset 
--password 
--port 


--primingmax 


--qfbaseoffset 
--qfbaseoffsetinminute 
--qfdeleteold 
--qfinterval 
--qfintervalinminute 
--qflevel 

--qfnolibs 
--qfnopreproc 
--qfnousers 
--qfuserfidbeg 
--qfuserfidend 


--rdaboffset 


--rights 

--show 

N/A 

--soap 
--soapmaxthreads 
--soapport 
--soapsizelimit 
--soapssl 
--soapthreads 
--tcpthreads 
--threads 


--user 
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Windows POA 
/norecover 
/nosnmp 


/notcpip 


/nuuoffset 
/password 
/port 


/primingmax 


/qfbaseoffset 
/qfbaseoffsetinminute 
/qfdeleteold 
/qfinterval 
/qfintervalinminute 
/qflevel 

/qfnolibs 
/qfnopreproc 
/qfnousers 
/qfuserfidbeg 
/qfuserfidend 
/rdaboffset 


[rights 

N/A 

N/A 

/soap 
/soapmaxthreads 
/soapport 
/soapsizelimit 
/soapssl 
/soapthreads 
/tcpthreads 
/threads 


/user 


ConsoleOne Settings 
Enable Auto DB Recovery 
Enable SNMP 


Enable TCP/IP 
(for C/S) 


Start User Upkeep 
Remote Password 
Client/Server Port 


Max Thread Usage for 
Priming and Moves 


Start QuickFinder Indexing 
Start QuickFinder Indexing 
N/A 

QuickFinder Interval 
QuickFinder Interval 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 


Start Address Book 
Generation 


N/A 

N/A 

Delay Time (NLM) 
Enable SOAP 

Max SOAP Threads 
SOAP Port 

N/A 

SOAP SSL 

N/A 

TCP Handler Threads 
Message Handler Threads 


Remote User Name 


39.1 @filename 


Specifies the location of the POA startup file. 


NetWare: The full path must be included if the file does not reside in the same directory with the POA 


program. 

Linux: The startup file always resides in the /opt/novell/groupwise/agents/share 
directory. 

Windows: The full path must be included if the file does not reside in the same directory with the POA 
program. 


The startup file must reside on the same server where the POA is installed. 


NetWare POA Linux POA Windows POA 
Syntax: Olvol:]Adin]file O/dir/file @[drive:][\din]file 
Example: load gwpoa @sales.poa ./gwpoa @../share/ gwpoa.exe @sales.poa 
load gwpoa @sys:\agtisales.poa  Inxpost.poa gwpoa.exe @d:\agt\sales.poa 


39.2 /attemptsresetinterval 


Specifies the length of time during which unsuccessful login attempts are counted, leading to 
lockout. The default is 30 minutes; valid values range from 15 to 60. See Section 36.3.5, “Enabling 
Intruder Detection,” on page 506. 


NetWare POA Linux POA Windows POA 
Syntax: /attemptsresetinterval-minutes --attemptsresetinterval minutes /attemptsresetinterval- 
minutes 
Example: /attemptsresetinterval-15 --attemptsresetinterval 45 /attemptsresetinterval-60 


See also /intruderlockout, /incorrectloginattempts, and /lockoutresetinterval. 


39.3 /cap 


Enables CAP (Calendar Access Protocol) so that the POA can communicate with CAP clients. See 
Section 36.2.5, “Supporting CAP Clients,” on page 492. 


NetWare POA Linux POA Windows POA 
Syntax: /cap-enabled or disabled --cap enabled or disabled /cap-enabled or disabled 
Example:  /cap-enabled --cap enabled /cap-enabled 


See also /capmaxthreads, /capport, and /capssl. 
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39.4 /capmaxthreads 


Specifies the maximum number of CAP threads the POA can create to service CAP clients. The 
default is 50. This setting is appropriate for most systems. See Section 36.2.5, “Supporting CAP 
Clients,” on page 492. 


NetWare POA Linux POA Windows POA 
Syntax: /capmaxthreads-number --capmaxthreads number /capmaxthreads-number 
Example: /capmaxthreads-30 --capmaxthreads 40 /capmaxthreads-40 


See also /cap, /capport, /capssl. 


39.5 /capport 


Sets the TCP port number used for the POA to communicate with CAP clients. The default is 1026. 
See Section 36.2.5, “Supporting CAP Clients,” on page 492. 


NetWare POA Linux POA Windows POA 
Syntax: /capport-port_number --capport port_number /capport-port_number 
Example: /capport-1027 --capport 1028 /capport-1028 


See also /cap, /capmaxthreads, and /capssl. 


39.6 /capssl 


Sets the availability of secure SSL communication between the POA and CAP clients. Valid settings 
are enabled and disabled. CAP uses TLS (Transport Layer Security) to negotiate the SSL 
connection. See Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on 


page 498. 

NetWare POA Linux POA Windows POA 
Syntax: /capssl-setting --capssl setting /capssl-setting 
Example:  /capssl-enabled --capssl enabled /capssl-enabled 


See also /imap, /imapmaxthreads, and /imapport. 


39.7 /certfile 


Specifies the full path to the public certificate file used to provide secure SSL communication 
between the POA and other programs. See Section 36.3.3, “Securing the Post Office with SSL 
Connections to the POA,” on page 498. 
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NetWare POA Linux POA Windows POA 


Syntax: /certfile-[svA][vol:]\dinfile --certfile /dir/file /certfile-[drive:]\dir\file 
/certfile-\\svAvoldin\file /certfile-\\svAsharename\dinfile 

Example:  /certfile-\ssl\gw.crt --certfile /certs/gw.crt /certfile-\ssl\gw.crt 
/certfile-server2\sys:\ssl\gw.crt /certfile-m:\ssl\gw.crt 
/certfile-\\server2\sys\ssl\gw.crt certfile-\\server2\c\ssl\gw.crt 


See also /keyfile and /keypassword. 


39.8 /cluster 


Informs the POA that it is running in a cluster. When the POA is clustered, the GroupWise client 
waits longer for reconnection. For information about clustering the POA, see the GroupWise 7 
Interoperability Guide. 


If you are running the NetWare POA on the latest version of NetWare 6.x and Novell Cluster 
Services™, the POA can detect the cluster automatically. 


NetWare POA Linux POA Windows POA 


Syntax: /cluster --cluster N/A 


See also /ip. 


39.9 /cpu 


Sets the CPU utilization threshold for the NetWare® POA. The default is 85 per cent. See 
Section 38.5, “Optimizing CPU Utilization for the NetWare POA,” on page 562. 


NetWare POA Linux POA Windows POA 
Syntax: /cpu-percentage N/A N/A 
Example:  /cpu-55 N/A N/A 


See also /sleep. 


39.10 /dn 


Specifies the Novell® eDirectory™ distinguished name of the NetWare POA object to facilitate 
logging into remote servers. It can be used instead of the /user and /password switches. 


NetWare POA Linux POA Windows POA 
Syntax: /dn-distinguished_name N/A N/A 
Example: /dn-POA.sales.provo2 N/A N/A 
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39.11 /enforceclientversion 


Enforces the minimum client release version and/or date so that users of older clients are forced to 
update in order to access their Group Wise? mailboxes. Valid settings are version, date, both, and 
disabled. See Section 36.2.6, “Checking What Group Wise Clients Are in Use,” on page 492. 


NetWare POA Linux POA Windows POA 


Syntax: /enforceclientversion-setting  --enforceclientversion setting /enforceclientversion-setting 


Exampl /enforceclientversion-version  --enforceclientversion date /enforceclientversion-both 
e: 


See also /gwclientreleasedate, and /gwclientreleaseversion. 


39.12 /evocontrol 


Determines which versions of Evolution are allowed to access the post office. Users might 
experience problems using Evolution to connect to their GroupWise mailboxes if they are using 
Evolution 2.6.0 or earlier. In addition, earlier versions of Evolution can cause high utilization on 
GroupWise servers. To encourage users to update to the latest version of Evolution, you can use the 
/evocontrol switch to configure the POA to allow only specified versions of Evolution. For 
information about configuring a post office to support Evolution, see Section 36.2.4, “Supporting 
SOAP Clients,” on page 491. 


NetWare POA Linux POA Windows POA 
Syntax: /evocontrol-Evolution- --evocontrol-Evolution- /evocontrol-Evolution- 
version.date version.date version.date 
/evocontrol-Evolution- --evocontrol-Evolution-Data-  /evocontrol-Evolution-Data- 
Data-Server-version- Server-version-date Server-version-date 
date 
Example: /evocontrol-Evolution- --evocontrol Evolution-1.10-  /evocontrol-Evolution-1.10- 
1.10-2006-12-04 2006-12-04 2006-12-04 
levocontrol-Evolution- --evocontrol Evolution-Data-  /evocontrol-Evolution-Data- 
Data-Server-1.10-2006- Server-1.10-2006-12-04 Server-1.10-2006-12-04 
12-04 


You can put as many as 10 entries in the startup file, so that you can list as many as 10 version of 
Evolution. Entries beyond 10 are ignored. You can view the current entries at the POA Web console 
with the other SOAP settings. The POA log file lists the settings in the Soap Session section. 


39.13 /externalclientssl 


Sets the availability of SSL communication between the POA and GroupWise clients that are 
running outside your firewall. Valid values are enabled, required, and disabled. See Section 36.3.3, 
“Securing the Post Office with SSL Connections to the POA,” on page 498. 


NetWare POA Linux POA Windows POA 


Syntax: /externalclientssl-setting --externalclientssl setting lexternalclientssi-setting 
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NetWare POA Linux POA Windows POA 


Example: /externalclientssl-enabled - --externalclientssi disabled lexternalclientssi-reguired 


See also /certfile, /keyfile, /keypassword, and /port. 


39.14 /gwchkthreads 


Specifies the number of'threads the POA starts for Mailbox/Library Maintenance activities. The 
default is 4; valid values range from 1 to 8. See Section 38.4.1, “Adjusting the Number of POA 
Threads for Database Maintenance,” on page 559. 


NetWare POA Linux POA Windows POA 
Syntax: /gwchkthreads-number --gwchkthreads number /gwchkthreads-number 
Example: /gwchkthreads-5 --gwchkthreads 6 /gwchkthreads-8 


See also /nogwchk. 


39.15 /gwclientreleasedate 


Specifies the date of the approved GroupWise client software for your system. See Section 36.2.6, 
“Checking What GroupWise Clients Are in Use,” on page 492. 


NetWare POA Linux POA Windows POA 

Syntax: /gwclientreleasedate-nm-dd-  --gwclientreleasedate mm- /gwclientreleasedate-mm-da- 
yyyy dd-yyyy yyyy 

Example /gwclientreleasedate-04-02-  --gwclientreleasedate 04-28- /gwclientreleasedate-04-02- 
2001 2004 2001 


See also /gwclientreleaseversion and /enforceclientversion. 


39.16 /gwclientreleaseversion 


Specifies the version of the approved Group Wise client software for your system. See 
Section 36.2.6, “Checking What GroupWise Clients Are in Use,” on page 492. 


NetWare POA Linux POA Windows POA 
Syntax: /gwclientreleaseversion-n.n.n  --gwclientreleaseversion /gwclientreleaseversion-n.n.n 
nnn 
Example /gwclientreleaseversion-6.0.0  --gwclientreleaseversion /gwclientreleaseversion-6.0.0 
: 6.5.1 


See also /gwclientreleasedate and /enforceclientversion. 
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39.17 /help 


Displays the POA startup switch Help information. When this switch is used, the POA does not 


start. 

NetWare POA Linux POA Windows POA 
Syntax: /help or /? --help /help or /? 
Example: load gwpoa /help ./gwpoa --help gwpoa.exe /help 


39.18 /home 


Specifies the post office directory, where the POA can find the message and user databases to 
service. There is no default location. You must use this switch in order to start the POA. 


NetWare POA Linux POA Windows POA 
Syntax: /home-[svn][vol:]\dir --home /dir /home-[drive:]\dir 
/home-\\svAvoldir /home-\\svAsharename\dir 
Example:  /home-\sales --home /gwsystem/sales /home-\sales 
/home-mail:\sales /home-m:\sales 
/home-server2\mail:\sales /home-\\server2\c\sales 


/home-\\server2\mail\sales 


39.19 /httppassword 


Specifies the password for the POA to prompt for before allowing POA status information to be 
displayed in your Web browser. Do not use an existing eDirectory password because the information 
passes over the insecure connection between your Web browser and the POA. See Section 37.2, 
“Using the POA Web Console,” on page 530. 


NetWare POA Linux POA Windows POA 
Syntax: /httppassword- --httppassword /httppassword- 
unique_password unique_password unique_password 


Exampl  /httppassword-AgentWatch --httppassword AgentWatch  /httppassword-AgentWatch 
e: 


See also /httpuser, /httpport, /httprefresh, and /httpssl. 


39.20 /httpport 


Sets the HTTP port number used for the POA to communicate with your Web browser. The default 
is 7181; the setting must be unique. See Section 37.2, “Using the POA Web Console,” on page 530. 


NetWare POA Linux POA Windows POA 


Syntax: Ihttpport-port number --httpport port number Ihttpport-port number 
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Example: /httpport-7182 --httpport 7183 /httpport-7184 
See also /httpuser, /httppassword, /httprefresh, and /httpssl. 


39.21 /httprefresh 


Specifies the rate at which the POA refreshes the status information in your Web browser. The 
default is 60 seconds. See Section 37.2, “Using the POA Web Console,” on page 530. 


NetWare POA Linux POA Windows POA 
Syntax: /nttprefresh-seconds --httprefresh seconds /httprefresh-seconds 
Example:  /httprefresh-30 --httprefresh 90 /httprefresh-120 


See also /httpuser, /httppassword, /httpport, and /httpssl. 


39.22 /httpssl 


Sets the availability of secure SSL communication between the POA and the POA Web console 
displayed in your Web browser. Valid values are enabled and disabled. See Section 36.3.3, 
“Securing the Post Office with SSL Connections to the POA,” on page 498. 


NetWare POA Linux POA Windows POA 
Syntax: /httpssl-setting --httpssl setting /httpssl-setting 
Example: — /httpssl-enabled --httpssi enabled /httpssl-enabled 


See also /certfile, /keyfile, and /keypassword. 


39.23 /httpuser 


Specifies the username for the POA to prompt for before allowing POA status information to be 
displayed in a Web browser. Providing a username is optional. Do not use an existing eDirectory 
username because the information passes over the insecure connection between your Web browser 
and the POA. See Section 37.2, “Using the POA Web Console,” on page 530. 


NetWare POA Linux POA Windows POA 
Syntax: /httpuser-unique_name --httprefresh unique_name /httprefresh-unique_name 
Example: /httpuser-GWWebCon --httpuser GWWebCon /httpuser-GWWebCon 


See also /httppassword, /httpport, /httprefresh, and /httpssl. 
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39.24 /imap 


Enables IMAP so that the POA can communicate with IMAP clients. Valid settings are enabled and 
disabled. See Section 36.2.3, “Supporting IMAP Clients,” on page 490. 


NetWare POA Linux POA Windows POA 
Syntax: /imap-enabled or disabled --imap enabled or disabled  /imap-enabled or disabled 
Example: /imap-enabled --imap disabled /imap-enabled 


See also /imapmaxthreads, /imapport, /imapssl, /imapsslport, and /imapreadlimit. 


39.25 /imapmaxthreads 


Specifies the maximum number of IMAP threads the POA can create to service IMAP clients. The 
default is 40. This setting is appropriate for most systems. See Section 36.2.3, “Supporting IMAP 
Clients,” on page 490. 


NetWare POA Linux POA Windows POA 
Syntax: /imapmaxthreads-number --imapmaxthreads number /imapmaxthreads-number 
Example: /imapmaxthreads-40 --imapmaxthreads 30 /imapmaxthreads-40 


See also /imap, /imapport, /imapssl, /imapsslport, and /imapreadlimit. 


39.26 /imapreadlimit 


Specifies in thousands the maximum number of messages that can be downloaded by an IMAP 
client. For example, specifying 10 represents 10,000. The default is 20,000. 
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Syntax: /imapreadlimit-number --imapreadlimit number /imapreadlimit-number 
Example: /imapreadlimit-10 --imapreadlimit 20 /imapreadlimit-50 


See also /imap, /imapmaxthreads, /imapport, /imapssl, and /imapsslport. 


39.27 /imapport 


Sets the TCP port number used for the POA to communicate with IMAP clients when using a non- 
SSL connection. The default is 143. See Section 36.2.3, “Supporting IMAP Clients,” on page 490. 


NetWare POA Linux POA Windows POA 
Syntax: /imapport-port_number --imapport port_number /imapport-port_number 
Example: /imapport-145 --imapport 146 /imapport-147 
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See also /imap, /imapmaxthreads, /imapssl, /imapsslport, and /imapreadlimit. 


39.28 /imapssl 


Sets the availability of secure SSL communication between the POA and IMAP clients. Valid 
settings are enable and disable. See Section 36.3.3, “Securing the Post Office with SSL Connections 
to the POA,” on page 498. 


NetWare POA Linux POA Windows POA 
Syntax: /imapssl-setting --imapssl setting /imapssl-setting 
Example: /imapssl-enable --imapssl enable /imapssl-enable 


See also /imap, /imapmaxthreads, /imapport, /imapsslport, and /imapreadlimit. 


39.29 /imapssiport 


Sets the TCP port number used for the POA to communicate with IMAP clients when using an SSL 
connection. The default is 993. See Section 36.2.3, “Supporting IMAP Clients,” on page 490. 


NetWare POA Linux POA Windows POA 
Syntax: /imapsslport-port_number --imapsslport port_number /imapsslport-port_number 
Example: /imapsslport-994 --imapsslport 995 /imapsslport-996 


See also/imap, /imapmaxthreads, /imapport, /imapssl, and /imapreadlimit. 


39.30 /incorrectloginattempts 


Specifies the number of unsuccessful login attempts after which lockout occurs. The default is 5 
attempts; valid values range from 3 to 10. See Section 36.3.5, “Enabling Intruder Detection,” on 
page 506. 


NetWare POA Linux POA Windows POA 

Syntax: /incorrectloginattempts- --incorrectloginattempts /incorrectloginattempts- 
number number number 

Exampl /incorrectloginattempts-3 --incorrectloginattempts 10 /incorrectloginattempts-10 


e: 
See also /intruderlockout, /attemptsresetinterval, and /lockoutresetinterval. 


39.31 /internalclientssl 


Sets the availability of secure SSL communication between the POA and Group Wise clients that are 
running inside your firewall. Valid values are enabled, reguired, and disabled. See Section 36.3.3, 
“Securing the Post Office with SSL Connections to the POA,” on page 498. 
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Syntax: /internalclientssl-setting --internalclientss| setting /internalclientssl-setting 


Example: /internalclientssl-enabled --internalclientssl required /internalclientssl-required 


See also /certfile, /keyfile, /keypassword, and /port. 


39.32 /intruderlockout 


Turns on intruder lockout processing, using defaults that can be overridden by the / 
incorrectloginattempts, /attemptsresetinterval, and /lockoutresetinterval switches. See 
Section 36.3.5, “Enabling Intruder Detection,” on page 506. 


NetWare POA Linux POA Windows POA 


Syntax: /intruderlockout --intruderlockout /intruderlockout 


39.33 /ip 


Binds the POA to a specific IP address when the server where it runs uses multiple IP addresses, 
such as in a clustering environment. The specified IP address is associated with all ports used by the 
POA (HTTP, IMAP, LDAP, and so on.) Without the /ip switch, the POA binds to all available IP 
addresses and users can access the post office through all available IP addresses. See Section 36.1.4, 
“Binding the POA to a Specific IP Address,” on page 483. 


See also “Editing Clustered Agent Startup Files” in “Novell Cluster Services on NetWare” in the 
GroupWise 7 Interoperability Guide. 


NetWare POA Linux POA Windows POA 
Syntax: /ip-/P_address --ip IP. address lip-IP. address 

lip-"full DNS name” --ip "full DNS name” lip-"full DNS name” 
Example /ip-172.16.5.18 --ip 172.16.5.18 lip-172.16.5.18 
: lip-"poasvr.provo.novell.com”  --ip "poasvr.provo.novell.com” /ip-"poasvr.provo.novell.com” 


See also /cluster. 


39.34 /keyfile 


Specifies the full path to the private file used to provide secure SSL communication between the 
POA and other programs. See Section 36.3.3, “Securing the Post Office with SSL Connections to 
the POA,” on page 498. 


NetWare POA Linux POA Windows POA 
Syntax: /keyfile-[svr\][vol:]\din\file --keyfile /dir/file /keyfile-[drive:]\din\file 
/keyfile-\\svrvoldin file /keyfile-\\svAsharename\dinfile 
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Example: /kevyfile-\ssl\gw.key --keyfile /certs/gw.key  /keyfile-\ssl\gw.key 
/keyfile-server2\sys:\ssl\gw.key /keyfile-m:\ssl\gw.key 
/keyfile-\\server2\sys\ssl\gw.key /keyfile-\\server2\c\ssl\gw.key 


See also /certfile and /keypassword. 


39.35 /keypassword 


Specifies the password used to encrypt the private SSL key file when it was created. See 
Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 498. 


NetWare POA Linux POA Windows POA 
Syntax: /keypassword-password --keypassword password /keypassword-password 
Example: /keypassword-gwssl --keypassword gwssl /keypassword-gwssl 


See also /certfile and /keyfile. 


39.36 /language 


Specifies the language to run the POA in, using a two-letter language code as listed below. You must 
install the POA in the selected language in order for the POA to display in the selected language. 


The initial default is the language used in the post office. If that language has not been installed, the 
second default is the language used by the operating system. If that language has not been installed, 
the third default is English. You only need to use this switch if you need to override these defaults. 


NetWare POA Linux POA Windows POA 
Syntax: /language-code --language code /language-code 
Example:  /language-de --language de /anguage-fr 


The table below lists the valid language codes. Contact your local Novell sales office for 
information about language availability. 


Language ii ia Language n ee 
Arabic AR Hungarian MA 
Chinese-Simplified CS Italian IT 
Chinese-Traditional CT Japanese NI 
Czechoslovakian CZ Korean KR 
Danish DK Norwegian NO 
Dutch NL Polish PL 
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Language a Aa Language Fl 
English-United States US Portuguese-Brazil BR 
Finnish SU Russian RU 
French-France FR Spanish ES 
German-Germany DE Swedish SV 
Hebrew HE 


For more information, see Chapter 7, “Multilingual GroupWise Systems,” on page 105. 


39.37 /Idapdisablepwdchg 


Prevents GroupWise users from changing their LDAP passwords by using the Password dialog box 
in the GroupWise client. See Section , “Enabling LDAP Authentication for a Post Office,” on 
page 503. 
NetWare POA Linux POA Windows POA 
Syntax: /Idapdisablepwdchg --Idapdisablepwdchg /\dapdisablepwdchg 


See also /Idapipaddr, /Idapport, /Idapuser, /Idappwd, /Idapuserauthmethod, /Idapssl, /Idapsslkey, and 
/Idaptimeout. 


39.38 /Idapipaddr 


Specifies the LDAP server’s network address as either an IP address or a DNS hostname. You can 
specify multiple network addresses to provide failover capabilities for your LDAP servers. See 
Section , “Specifying Failover LDAP Servers (Non-SSL Only),” on page 505. 


NetWare POA Linux POA Windows POA 
Syntax: /Idapipaddr-network address --Idapipaddr Ildapipaddr-network address 
network address 
Example /Idapipaddr-172.16.5.18 --Idapipaddr 172.16.5.19 /\dapipaddr-172.16.5.20 
/\dapipaddr-server1 server2  --Idapipaddr server1 server2 /Idapipaddr-server1 server2 


If you specify multiple LDAP servers, use a space between each address. When so configured, the 
POA tries to contact the first LDAP server in order to authenticate a user to Group Wise. If that 
LDAP server is down, the POA tries the next LDAP server in the list, and so on until it is able to 
authenticate. 


See also /Idapport, /Idapuser, /Idappwd, /Idapuserauthmethod, /Idapdisablepwdchg, /Idapssl, / 
Idapsslkey, and /Idaptimeout. 
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39.39 /Idapippooln 


Specifies a pooled LDAP server’s network address as either an IP address or a DNS hostname. As 
many as five LDAP servers can participate together as a pool; therefore, n ranges from 1 to 5. See 
“Configuring a Pool of LDAP Servers” on page 504. 


NetWare POA Linux POA Windows POA 
Syntax:  /Idapippooln-network_ address — --Idapippooln Ildapippooln-network address 


network address 


Example /Idapippool1-172.16.5.18 --Idapippool1 172.16.5.18 /Idapippool1-172.16.5.18 
Ildapippool2-server1 --Idapippool2 server1 /ldapippool2-server1 
Ildapippool3-172.16.5.19 --Idapippool3 172.16.5.19 /Idapippool3-172.16.5.19 


See also /Idapportpooln, /Idapsslpooln, /Idapssikeypooln, and /Idappoolresettime. 


39.40 /Idappoolresettime 


Specifies the number of minutes between the time when the POA receives an error response from a 
pooled LDAP server and the time when that LDAP server is reinstated into the pool of available 
LDAP servers. The default is 5 minutes; valid values range from 1 to 30. See “Configuring a Pool of 
LDAP Servers” on page 504. 


NetWare POA Linux POA Windows POA 
Syntax: /\dappoolresettime-minutes  --Idappoolresettime minutes  /Idappoolresettime-minutes 
Example:  /Idappoolresettime-10 --Idappoolresettime 20 /I\dappoolresettime-30 


See also /Idapippooln, /Idapportpooln, /Idapsslpooln, and /Idapssikeypooln. 


39.41 /Idapport 


Specifies the port number that the LDAP server listens on for authentication. The default is 389. See 
Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 501. 


NetWare POA Linux POA Windows POA 
Syntax: Ildapport-port number --Idapport port number Ildapport-port number 
Example:  /Idapport-390 --Idapport 391 Ildapport-392 


See also /Idapipaddr, /Idapuser, /Idappwd, /Idapuserauthmethod, /Idapdisablepwdchg, /Idapssl, / 
Idapssikey, and /Idaptimeout. 


39.42 /Idapportpooln 


Specifies the port number that pooled LDAP server n listens on for authentication. The default is 
389. See “Configuring a Pool of LDAP Servers” on page 504. 
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Syntax: /ldapportpooln-port --Idapportpooln port /ldapportpooln-port 
Example: /ldapportpool2-390 --Idapportpool3 391 /ldapportpool4-392 


See also /Idapippooln, /Idappoolresettime, /Idapsslpooln, and /Idapsslkeypooln. 


39.43 /Idappwd 


Provides the password for the LDAP user that the POA uses to log in to the LDAP server. See 
Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 501. 
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Syntax: Ildappwd-LDAP. password --ldappwd LDAP password — /ldappwd-LDAP. password 
Example: — /ldappwd-gwldap --Ildappwd gwldap /\dappwd-gwlidap 


See also /Idapipaddr, /Idapport, /Idapuser, /Idapuserauthmethod, /Idapdisablepwdchg, /Idapssl, / 
Idapsslkey, and /Idaptimeout. 


39.44 /Idapssl 


Indicates to the POA that the LDAP server it is logging in to is using SSL. See Section 36.3.4, 
“Providing LDAP Authentication for GroupWise Users,” on page 501. 


NetWare POA Linux POA Windows POA 


Syntax: /Idapssl --Idapssl /\dapssl 


See also /Idapipaddr, /Idapport, /Idapuser, /Idappwd, /Idapuserauthmethod, /Idapdisablepwdchg, / 
Idapssikey and /Idaptimeout. 


39.45 /Idapsslpooln 


Indicates to the POA that the pooled LDAP server it is logging in to is using SSL. See “Configuring 
a Pool of LDAP Servers” on page 504. 


NetWare POA Linux POA Windows POA 
Syntax: dapsslpooln --Idapssipooln /I\dapsslpooln 
Example: /Idapsslpool2 --Idapssipool3 Ildapsslpool4 


See also /Idapippooln, /Idapportpooln, /Idappoolresettime, and /Idapsslkeypooln. 
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39.46 /Idapsslkey 


Specifies the full path to the SSL key file used with LDAP authentication. See Section 36.3.4, 
“Providing LDAP Authentication for GroupWise Users,” on page 501. 


NetWare POA Linux POA Windows POA 
Syntax: /Idapsslkey-[sv/\][vol:]\dinfile --Idapsslkey /dir/file lIdapssikey-[drive:]\dinfile 
dapssikey-\svñvoldinfile /\dapsslkey- 
\\svñsharename\dinfile 
Example /Idapssikey-\ldap\gwkey.der --Idapsslkey /certs/ lIdapssikey-\Idap\gwkey.der 
/Idapsslkey- gwkey.der Ildapssikey-m:Idaplgwkey.der 
server2\sys:\ldap\gwkey.der /Idapssikey- 
/\dapssikey- \\server2\c\ldap\gwkey.der 


\\server2\sys\Idap\gwkey.der 


See also /Idapipaddr, /Idapport, /Idapuser, /Idappwd, /Idapuserauthmethod, /Idapdisablepwdchg, / 
Idapssl and /Idaptimeout. 


39.47 /Idapsslkeypooln 


Specifies the full path to the SSL key file used with pooled LDAP server n for authentication. See 
“Configuring a Pool of LDAP Servers” on page 504. 


NetWare POA Linux POA Windows POA 
Syntax:  /Idapsslkeypooln- --Idapsslkeypooln-/dir/file /\dapsslkeypooln-[drive:]\dinfile 
[svr\][vol:]\dir\file /\dapsslkeypooln- 
/I\dapsslkeypooln- \\svAsharename\dintfile 
MsvAvohdirfile 
Example /idapsslkeypool4- --Idapsslkeypool4 /certs/ Idapssikeypool4- 
: \Idap\gwkey.der gwkey.der \Idap\gwkey.der 
/\dapssikeypool4- /I\dapsslkeypool4- 
svr2\sys:\ldap\gwkey.der m:\ldap\gwkey.der 
/\dapssikeypool4- /\dapsslkeypool4- 
\\svr2\sys\Idap\gwkey.der \\svr2\c\ldap\gwkey.der 


See also /Idapippooln, /Idapportpooln, /Idappoolresettime, and /Idapsslpooln. 


39.48 /Idaptimeout 


Specifies the number of seconds that the POA connection to the LDAP server can be idle before the 
POA drops the connection. The default is 30 seconds. See Section 36.3.4, “Providing LDAP 
Authentication for GroupWise Users,” on page 501. 


NetWare POA Linux POA Windows POA 
Syntax: Ildaptimeout-seconds --Idaptimeout seconds /\daptimeout-seconds 
Example:  /Idaptimeout-60 --Idaptimeout 70 /\daptimeout-80 
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See also /Idapipaddr, /Idapport, /Idapuser, /Idappwd, /Idapuserauthmethod, /Idapdisablepwdchg, / 
Idapssl, and /Idapssikey. 


39.49 /Idapuser 


Specifies the username that the POA can use to log in to the LDAP server in order to authenticate 
GroupWise client users. See Section 36.3.4, “Providing LDAP Authentication for GroupWise 
Users,” on page 501. 


NetWare POA Linux POA Windows POA 
Syntax: /\dapuser-LDAP_user_ID --ldapuser LDAP user ID Idapuser-LDAP user. ID 
Example:  /Idapuser-GWAuth --Idapuser GWAuth /ldapuser-GWAuth 


See also /Idapipaddr, /Idapport, /Idappwd, /Idapuserauthmethod, /Idapdisablepwdchg, /Idapssl, and / 
Idapsslkey, and /Idaptimeout. 


39.50 /Idapuserauthmethod 


Specifies the LDAP user authentication method you want the POA to use when accessing an LDAP 
server. Valid settings are bind and compare. See Section 36.3.4, “Providing LDAP Authentication 
for Group Wise Users,” on page 501. 


NetWare POA Linux POA Windows POA 

Syntax:  /Idapuserauthmethod- --Ildapuserauthmethod method /Idapuserauthmethod-method 
method 

Example /ldapuserauthmethod-bind --Idapuserauthmethod bind /ldapuserauthmethod- 

| compare 


See also /Idapuser, /Idapipaddr, /Idapport, /Idappwd, /Idapdisablepwdchg, /Idapssl, and /Idapsslkey, 
and /Idaptimeout. 


39.51 /lockoutresetinterval 


Specifies the length of time the user login is disabled after lockout. The default is 30 minutes; the 
minimum setting is 15; there is no maximum setting. The login can also be manually re-enabled in 
ConsoleOne in the GroupWise Account page of the User object. If /lockoutresetinterval is set to 0 
(zero), the login must be re-enabled manually through ConsoleOne. See Section 36.3.5, “Enabling 
Intruder Detection,” on page 506. 


NetWare POA Linux POA Windows POA 


Syntax: /lockoutresetinterval-minutes --lockoutresetinterval minutes /lockoutresetinterval-minutes 


Exampl /lockoutresetinterval-15 --lockoutresetinterval 60 /lockoutresetinterval-90 
e: 


See also /intruderlockout, /incorrectloginattempts, and /attemptsresetinterval. 
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39.52 /log 


Specifies the directory where the POA stores its log files. The default location varies by platform. 


NetWare: post_office\wpcsout\ofs 
Linux: /var/log/novell/groupwise/post_office_name.poa 
Windows: post_office\wpcsout\ofs 


For more information, see Section 37.3, “Using POA Log Files,” on page 538. 


NetWare POA Linux POA Windows POA 
Syntax: Nog-[svn][vol:]\dir --log /dir Nog-[drive:]\dir 
/log-\\svr\voldir Nog-\\svAsharename\dir 
Example:  /log-\agtilog --log /gwsystem/logs /log-\agt\log 
/log-\\server2\mail:\agt\log /log-m:\agt\log 
/log-\\server2\mail\agt\log /log-\\server2\c\mail\agt\log 


Typically you would find multiple log files in the specified directory. The first 4 characters represent 
the date. The next 3 characters identify the agent. A three-digit extension allows for multiple log 
files created on the same day. For example, a log file named 0518poa.001 would indicate that it 
isa POA logfile, created on May 18. Ifyou restarted the POA on the same day, a new log file would 
be started, named 0518poa.002. 


See also /loglevel, /logdiskoff, /logdays, and /logmax. 


39.53 /logdays 


Specifies how many days to keep POA log files on disk. The default is 7 days. See Section 37.3, 
“Using POA Log Files,” on page 538. 


NetWare POA Linux POA Windows POA 
Syntax: llogdays-days --logdays days llogdays-days 
Example:  /logdays-5 --logdays 10 /logdays-14 


See also /log, /loglevel, /logdiskoff, and /logmax. 


39.54 /logdiskoff 


Turns off disk logging for the POA so no information about the functioning of the POA is stored on 
disk. The default is for logging to be turned on. See Section 37.3, “Using POA Log Files,” on 
page 538. 


NetWare POA Linux POA Windows POA 


Syntax: llogdiskoff --logdiskoff /logdiskoff 
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See also /loglevel. 


39.55 /loglevel 


Controls the amount of information logged by the POA. Logged information is displayed in the log 
message box and written to the POA log file during the current agent session. The default is Normal, 
which displays only the essential information suitable for a smoothly running POA. Use Verbose to 
display the essential information, plus additional information helpful for troubleshooting. Verbose 
logging does not degrade POA performance, but log files saved to disk consume more disk space 
when verbose logging is in use. See Section 37.3, “Using POA Log Files,” on page 538. 


NetWare POA Linux POA Windows POA 
Syntax: loglevel-level --loglevel level loglevel-level 
Example:  /loglevel-verbose --loglevel verbose /loglevel-verbose 


See also /log, /logdiskoff, /logdays, and /logmax. 


39.56 /logmax 


Sets the maximum amount of disk space for all POA log files. When the specified disk space is 
consumed, the POA deletes existing log files, starting with the oldest. The default is 65536 KB (100 
MB). See Section 37.3, “Using POA Log Files,” on page 538. 


NetWare POA Linux POA Windows POA 
Syntax: Ilogmax-kilobytes --logmax kilobytes Mogmax-kilobytes 
Example:  /logmax-32000 --logmax 130000 /logmax-16000 


See also /log, /loglevel, /logdiskoff, and /logdays. 


39.57 /maxappconns 


Sets the maximum number of application connections allowed between the POA and the Group Wise 
clients run by GroupWise users. The default maximum number of application connections is 2048. 
See Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” on 


page 549. 

NetWare POA Linux POA Windows POA 
Syntax: /maxappconns-number --maxappconns number /maxappconns-number 
Example: /maxappconns-3072 --maxappconns 4096 /maxappconns-5120 


See also /maxphysconns. 
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39.58 /maxphysconns 


Sets the maximum number of physical TCP/IP connections allowed between the POA and the 
GroupWise clients run by GroupWise users. The default maximum number of physical connections 
is 1024. See Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” 
on page 549. 


NetWare POA Linux POA Windows POA 
Syntax: /maxphysconns-number --maxphysconns number /maxphysconns-number 
Example: /maxphysconns-2048 --maxphysconns 4096 /maxphysconns-5120 


See also /maxappconns. 


39.59 /mtpinipaddr 


Specifies the network address of the server where the POA runs, as either an IP address or a DNS 
hostname. See Section , “Using TCP/IP Links between the Post Office and the Domain,” on 
page 481. 


NetWare POA Linux POA Windows POA 


Syntax: /mtpinipaddr-network_addr --mtpinipaddr network addr = /mtpinipaddr-network addr 
Example: /mtpinipaddr-172.16.5.18 --mtpinipaddr 172.16.5.19 /mtpinipaddr-172.16.5.20 


/mtpinipaddr-server1 --mtpinipaddr server2 /mtpinipaddr-server3 


See also /mtpinport, /mtpoutipaddr, /mtpoutport, /mtpsendmax, and /nomtp. 


39.60 /mtpinport 


Sets the message transfer port number the POA listens on for messages from the MTA. The default 
is 7101. See Section , “Using TCP/IP Links between the Post Office and the Domain,” on page 481. 


NetWare POA Linux POA Windows POA 
Syntax: /mtpinport-port_number --mtpinport port_number /mtpinport-port_number 
Example: /mtpinport-7201 --mtpinport 7202 /mtpinport-7203 


See also /mtpinipaddr, /mtpoutipaddr, /mtpoutport, /mtpsendmax, and /nomtp. 


39.61 /mtpoutipaddr 


Specifies the network address of the server where the MTA for the domain runs, as either an IP 
address or a DNS hostname. See Section , “Using TCP/IP Links between the Post Office and the 
Domain,” on page 481. 
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NetWare POA Linux POA Windows POA 


Syntax: /mtpoutipaddr- --mtpoutipaddr /mtpoutipaddr- 
network_address network_address network_address 

Exampl /mtpoutipaddr-172.16.5.18 --mtpoutipaddr 172.16.5.19 /mtpoutipaddr-172.16.5.19 
/mtpoutipaddr-server2 --mtpoutipaddr server3 /mtpoutipaddr-server4 


See also /mtpinipaddr, /mtpinport, /mtpoutport, /mtpsendmax, and /nomtp. 


39.62 /mtpoutport 


Specifies the message transfer port number the MTA listens on for messages from the POA. The 
default is 7100. See Section , “Using TCP/IP Links between the Post Office and the Domain,” on 


page 481. 

NetWare POA Linux POA Windows POA 
Syntax: /mtpoutport-port_number --mtpoutport port_number /mtpoutport-port_number 
Example: /mtpoutport-7200 --mtpoutport 7300 /mtpoutport-7400 


See also /mtpinipaddr, /mtpinport, /mtpoutipaddr, /mtpsendmax, and /nomtp. 


39.63 /mtpsendmax 


Sets the maximum size in megabytes for messages being sent outside the post office. By default, 
messages of any size can be transferred to the MTA. See Section 36.2.8, “Restricting Message Size 
between Post Offices,” on page 495. 


NetWare POA Linux POA Windows POA 
Syntax: /mtpsendmax-megabytes --mtpsendmax megabytes /mtpsendmax-megabytes 
Example: /mtpsendmax-2 --mtpsendmax 4 /mtpsendmax-6 


See also /mtpinipaddr, /mtpinport, /mtpoutipaddr, /mtpoutport, and /nomtp. 


39.64 /mtpssl 


Sets the availability of secure SSL communication between the POA and its MTA. Valid settings are 
enabled and disabled. See Section 36.3.3, “Securing the Post Office with SSL Connections to the 
POA,” on page 498. 


NetWare POA Linux POA Windows POA 
Syntax: /mtpssl-setting --mtpssl setting /mtpssl-setting 
Example:  /mtpssl-enabled --mtpssi enabled /mtpssl-enabled 
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See also /certfile, /keyfile and /keypassword. 


39.65 /name 


Specifies the object name of the POA object in the post office. If you have multiple POAs 
configured for the same post office, you must use this switch to specify which POA configuration to 
use when the POA starts. Several useful configurations include multiple POAs for a single post 
office, as described in the following sections: 

+ Section 38.1.3, “Configuring a Dedicated Client/Server POA,” on page 550 

¢ Section 38.2.2, “Configuring a Dedicated Message File Processing POA,” on page 553 

+ Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556 

¢ Section 38.4.2, “Configuring a Dedicated Database Maintenance POA,” on page 560 


NetWare POA Linux POA Windows POA 
Syntax: /name-object_name --name object_name /name-object_name 
Example: /name-POA2 --name POA2 /name-POA2 


39.66 /noada 


Disables the POA admin thread. For an explanation of the POA admin thread, see Section , “POA 
Admin Thread Status Box,” on page 519. 


The POA admin thread must run for at least one POA for each post office. However, it can be 
disabled for POAs with specialized functioning where the database update and repair activities of 
the POA admin thread could interfere with other, more urgent processing. 
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Syntax: /noada --noada /noada 


Historical Note: In GroupWise 5.2 and earlier, a separate agent, the Administration Agent (ADA), 
handled the functions now consolidated into the POA admin thread. Hence the switch name, /noada. 


39.67 /nocache 


Disables database caching. The default is for caching to be turned on. Use this switch if your backup 
system cannot back up open files. 
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Syntax: /nocache --nocache /nocache 
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39.68 /noconfig 


Ignores any configuration information provided for the POA in ConsoleOne and uses only settings 
from the POA startup file. The default is for the POA to use the information provided in 
ConsoleOne, overridden as needed by settings provided in the startup file or on the command line. 


NetWare POA Linux POA Windows POA 


Syntax: /noconfig --noconfig /noconfig 


39.69 /noerrormail 


Prevents problem files from being sent to the GroupWise administrator. The default is for error mail 
to be sent to the administrator. See Section 37.7, “Notifying the GroupWise Administrator,” on 
page 544. 


NetWare POA Linux POA Windows POA 


Syntax: /noerrormail --noerrormail /noerrormail 


39.70 /nogwchk 


Turns off Mailbox/Library Maintenance processing for the POA. The default is for the POA to 
perform Mailbox/Library Maintenance tasks requested from ConsoleOne and configured as POA 
scheduled events. 


NetWare POA Linux POA Windows POA 
Syntax: /nogwchk --nogwchk /nogwchk 
See also /gwchkthreads. 


39.71 /noldapx 


Configures the NetWare POA to look up users in eDirectory by their e-mail addresses instead of by 
their distinguished names. This allows LDAP authentication to be done against external trees. This 
is accomplished by preventing the LDAPX NLM from loading on the NetWare server where the 


POA is running 
NetWare POA Linux POA Windows POA 
Syntax: /noldapx N/A N/A 


See also /Idapipaddr, /Idapport, /Idapuser, /Idappwd, /Idapuserauthmethod, /Idapdisablepwdchg, / 
Idapssl, /Idapsslkey, and /Idaptimeout. 
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39.72 Inomf 


Turns off all message file processing for the POA. The default is for the POA to process all message 
files. 


Two specialized configurations that require turning off message files are described in Section 38.1.3, 
“Configuring a Dedicated Client/Server POA,” on page 550 and Section 38.3.2, “Configuring a 
Dedicated Indexing POA,” on page 556. 


NetWare POA Linux POA Windows POA 


Syntax: /nomf --nomf Inomf 


See also /nomfhigh and /nomflow. 


39.73 Inomfhigh 


Turns off processing high priority messages files (message queues 0 and 1). For information about 
message queues, see “Post Office Directory” in GroupWise 7 Troubleshooting 3: Message Flow and 
Directory Structure. 


NetWare POA Linux POA Windows POA 


Syntax: /nomfhigh --nomfhigh /nomfhigh 


See also /nomf and /nomflow. 


39.74 Inomflow 


Turns off processing lower priority messages files (message queues 2 through 7). For information 
about message queues, see “Post Office Directory” in GroupWise 7 Troubleshooting 3: Message 
Flow and Directory Structure. 
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Syntax: /nomflow --nomflow /nomflow 


See also /nomf and /nomfhigh. 


39.75 /nomtp 


Disables Message Transfer Protocol, so that a TCP/IP link cannot be used between the POA and the 
MTA. See Section 36.1.3, “Changing the Link Protocol between the Post Office and the Domain,” 
on page 481. 


NetWare POA Linux POA Windows POA 


Syntax: /nomtp --nomtp /nomtp 


See also /mtpinipaddr, /mtpinport, /mtpoutipaddr, /mtpoutport, and /mtpsendmax. 
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39.76 /nonuu 


Disables nightly user upkeep. See Section 36.4.3, “Performing Nightly User Upkeep,” on page 513. 
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Syntax: /nonuu --nonuu /nonuu 


See also /nuuoffset. 


39.77 Inogf 


Disables the periodic QuickFinder™ indexing done by the POA. The default is for periodic indexing 
to be turned on. See Section 38.3.1, “Regulating Indexing,” on page 555. 
NetWare POA Linux POA Windows POA 


Syntax: /noqf --nogf Inoqf 


See also /qfinterval, /qfintervalinminute, /qfbaseoffset, and /qfbaseoffsetinminute. 


39.78 /nordab 


Disables daily generation of the system Address Book for Remote users. See Section 36.4.3, 
“Performing Nightly User Upkeep,” on page 513. 
NetWare POA Linux POA Windows POA 


Syntax: /nordab --nordab /nordab 


See also /rdaboffset. 


39.79 /norecover 


Disables automatic database recovery. The default is for automatic database recovery to be turned 
on. 


If the POA detects a problem with a database when automatic database recovery has been turned off, 
the POA notifies the administrator, but it does not recover the problem database. The administrator 
can then recover or rebuild the database as needed. See Chapter 26, “Maintaining Domain and Post 
Office Databases,” on page 377. 


Two specialized configurations that require turning off automatic database recovery are described in 
Section 38.1.3, “Configuring a Dedicated Client/Server POA,” on page 550 and Section 38.3.2, 
“Configuring a Dedicated Indexing POA,” on page 556. 


NetWare POA Linux POA Windows POA 


Syntax: /norecover --norecover /norecover 
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39.80 /nosnmp 
Disables SNMP for the POA. The default is to have SNMP enabled. See Section 37.6, “Using an 
SNMP Management Console,” on page 540. 

NetWare POA Linux POA Windows POA 


Syntax: /nosnmp --nosnmp /nosnmp 


39.81 /notcpip 


Disables TCP/IP communication for the POA. The default is to have TCP/IP communication 
enabled. Use this switch if you do not want this POA to communicate with GroupWise clients using 
TCP/IP. 


NetWare POA Linux POA Windows POA 
Syntax: /notcpip --notcpip /notcpip 
Two specialized configurations that require turning off automatic database recovery are described in 


Section 38.2.2, “Configuring a Dedicated Message File Processing POA,” on page 553 and 
Section 38.3.2, “Configuring a Dedicated Indexing POA,” on page 556. 


39.82 /nuuoffset 


Specifies the number of hours after midnight for the POA to start performing user upkeep. The 
default is 1 hour; valid values range from 0 to 23. See Section 36.4.3, “Performing Nightly User 
Upkeep,” on page 513. 


NetWare POA Linux POA Windows POA 
Syntax: /nuuoffset-hours --nuuoffset hours /nuuoffset-hours 
Example: /nuuoffset-2 --nuuoffset 3 /nuuoffset-4 


See also /nonuu. 


39.83 /password 


Provides the password for the POA to use when accessing post offices or document storage areas on 
remote servers. You can also provide user and password information on the Post Office Settings 
page in ConsoleOne. 


NetWare POA Linux POA Windows POA 
Syntax: /password-NetWare_password --password /password- 
network_password network_password 
Example /password-GWise --password GWise /password-GWise 
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See also /user and /dn. 


39.84 /port 


Sets the TCP port number used for the POA to communicate with GroupWise clients in client/server 
access mode. The default is 1677. See Section 36.2.1, “Using Client/Server Access to the Post 
Office,” on page 486. 


NetWare POA Linux POA Windows POA 
Syntax: /port-port_number --port port_number /port-port_number 
Example:  /port-1678 --port 1679 /port-1680 


See also /ip. 


39.85 /primingmax 


Sets the maximum number of TCP handler threads that POA can use for priming users’ Caching 
mailboxes. The default is 20 per cent. See Section 36.2.7, “Supporting Forced Mailbox Caching,” on 


page 494. 

NetWare POA Linux POA Windows POA 
Syntax: /primingmax-percentage --primingmax percentage /primingmax-percentage 
Example: /primingmax-40 --primingmax 50 /primingmax-60 


See also /tcpthreads. 


39.86 /qfbaseoffset 


Specifies the number of hours after midnight for the POA to start its indexing cycle as specified by 
the /gfinterval or /gfintervalinminute switch. The default is 20 hours (meaning at 8:00 p.m.); valid 
values range from 0 to 23. See Section 38.3.1, “Regulating Indexing,” on page 555. 


NetWare POA Linux POA Windows POA 
Syntax: /qfbaseoffset-hours --qfbaseoffset hours lgfbaseoffset-hours 
Example:  /qfbaseoffset-1 --qfbaseoffset 2 lgfbaseoffset-3 


See also /gfbaseoffsetinminute, /gfinterval, /gfintervalinminute, and /nogf. 


39.87 /qfbaseoffsetinminute 


Specifies the number of minutes after midnight for the POA to start its indexing cycle as specified 
by the /qfinterval or /qfintervalinminute switch. The default is 20 hours (1200 minutes, meaning at 
8:00 p.m.). The maximum setting is 1440 (24 hours). See Section 38.3.1, “Regulating Indexing,” on 
page 555. 
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NetWare POA Linux POA Windows POA 


Syntax: /afbaseoffsetinminute- --qfbaseoffsetinminute minutes /gfbaseoffsetinminute-minutes 


minutes 
Exampl /qfbaseoffset-30 --qfbaseoffset 45 lgfbaseoffset-90 
e: 


See also /gfbaseoffset, /gfinterval, /gfintervalinminute, and /nogf. 


39.88 /qfdeleteold 


Deletes previous versions of OuickFinder . idx and . inc files to conserve disk space during 
periods of heavy indexing. In general, it is applicable for use only with /gflevel=1, where indexing 
activities are a lower priority task that user activities in their mailboxes. See “Reclaiming Disk 
Space” on page 559. 

NetWare POA Linux POA Windows POA 


Syntax: /qfdeleteold --qfdeleteold /qfdeleteold 


See also /qflevel, /qfnolibs, /qfnopreproc, /qfnousers, /qfusefidbeg, and /qfuserfidend. 


39.89 /gfinterval 


Specifies the interval in hours for the POA to update the QuickFinder indexes in the post office. The 
default is 24 hours. See Section 38.3.1, “Regulating Indexing,” on page 555. 


NetWare POA Linux POA Windows POA 
Syntax: /qfinterval-hours --qfinterval hours /qfinterval-hours 
Example:  /afinterval-12 --gfinterval-6 /qfinterval-2 


See also /qfbaseoffset, /gfbaseoffsetinminute, /gfintervalinminute, and /nogf. 


39.90 /gfintervalinminute 


Specifies the interval in minutes for the POA to update the OuickFinder indexes in the post office. 
The default is 24 hours (1440 minutes). See Section 38.3.1, “Regulating Indexing,” on page 555. 


NetWare POA Linux POA Windows POA 
Syntax: /qfintervalinminute-minutes — --gfintervalinminute minutes /qfintervalinminute-minutes 
Example:  /qfintervalinminute-90 --qfintervalinminute 30 /qfintervalinminute-120 


See also /qfinterval, /gfbaseoffset, /qfbaseoffsetinminute, and /nogf. 
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39.91 /qflevel 


Customizes the way the POA performs indexing. Valid levels are 0 through 3 and 999. See 
“Determining Indexing Priority” on page 558 


NetWare POA Linux POA Windows POA 
Syntax: /qflevel-level --qflevel level /qflevel-level 
Example:  /qflevel-1 --qflevel 3 /qflevel-999 


The following table describes the functionality of each level: 


Table 39-2 QuickFinder Indexing Priority Levels 


Priority Level Description 
0 Index a maximum of 1000 items at a time, rather than the default of 500. 
1 Index a maximum of 500 items at time using a low priority thread. This keeps frequent 


daytime indexing cycles from interfering with users’ activities in their mailboxes. 


2 Index a maximum of 1000 items at a time using a medium priority thread. This allows 
additional items in each database to be processed in each indexing cycle. Use of a 
medium priority thread makes indexing more important than some user activities in their 
mailboxes. Users might notice some slowness in response from the GroupWise client. 


3 Index a maximum of 2000 items at a time using a high priority thread. Use of a high 
priority thread makes indexing more important than many users activities in their 
mailboxes. Users will notice some slowness in response from the GroupWise client. 
This is warranted only when the completion of the indexing immediately is extremely 
important. 


999 Index constantly until all databases have been indexed, then wait until the next indexing 
cycle set on the QuickFinder property page of the POA object before starting to index 
again. 


See also /qfdeleteold, /qfnolibs, /qfnopreproc, /qfnousers, /qfusefidbeg, and /qfuserfidend. 


39.92 /qfnolibs 


Suppresses QuickFinder indexing of documents in libraries in favor of indexing user mailbox 
contents. For full suppression, use /qfnopreproc as well. See “Determining What to Index” on 
page 558 


NetWare POA Linux POA Windows POA 


Syntax: /qfnolibs --qfnolibs /qfnolibs 


See also /qfdeleteold, /qflevel, /qfnopreproc, /qfnousers, /qfusefidbeg, and /qfuserfidend. 
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39.93 /qfnopreproc 


Suppresses generation of document word lists that are normally written to user databases when 
libraries are indexed. Use with /qfnolibs. See “Determining What to Index” on page 558. 


NetWare POA Linux POA Windows POA 
Syntax: /qfnopreproc --qfnopreproc /qfnopreproc 


See also /qfdeleteold, /qflevel, /qfnolibs, /qfnousers, /qfusefidbeg, and /qfuserfidend. 


39.94 /qfnousers 


Suppresses QuickFinder indexing of user mailbox box contents in favor of indexing documents in 
libraries. See “Determining What to Index” on page 558. 
NetWare POA Linux POA Windows POA 


Syntax: /qfnousers --qfnousers /qfnouser 


See also /qfdeleteold, /qflevel, /qfnolibs, /qfnopreproc, /qfusefidbeg, and /qfuserfidend. 


39.95 /qfuserfidbeg 


Specifies the beginning of a range of FIDs associated with user databases (user xxx. db) that you 
want to index. The xxx in the user database filename is the FID. To determine what FIDs are in use, 
list the contents of the ofuser directory in the post office directory. See “Determining What to 
Index” on page 558. 


NetWare POA Linux POA Windows POA 
Syntax: /qfuserfidbeg-fid --qfuserfidbeg fid /qfuserfidbeg-fid 
Example:  /afuserfidbeg-417 --qfuserfidbeg 7ck /qfuserfidbeg-7j6 


See also /qfdeleteold, /qflevel, /qfnolibs, /qfnopreproc, /qfnousers, and /qfuserfidend. 


39.96 /qfuserfidend 


Specifies the end of a range of FIDs associated with user databases (userxxx. db) that you want 
to index. The xxx in the user database filename is the FID. To determine what FIDs are in use, list the 
contents of the ofuser directory in the post office directory. See “Determining What to Index” on 
page 558. 


NetWare POA Linux POA Windows POA 
Syntax: /qfuserfidend-fid --qfuserfidend fid /qfuserfidend-fid 
Example:  /afuserfidbeg-u5p --qfuserfidbeg x9c /qfuserfidbeg-zzf 
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If you want to index just one user database, use the same FID with the /qfuserfidbeg switch and the / 
qfuserfidend switch. To determine a user's FID, click Help > About GroupWise in the Group Wise 
client. In Online mode, the FID is displayed after the username. In Caching or Remote mode, the 
FID is the last three characters of the Caching or Remote directory (for example, 
c:\novell\groupwise\gwstr7bh). 


See also /qfdeleteold, /qflevel, /qfnolibs, /qfnopreproc, /qfnousers, and /qfuserfidbeg. 


39.97 /rdaboffset 


Specifies the number of hours after midnight for the POA to generate the daily copy of the system 
Address Book for Remote users. The default is 0; valid values range from 0 to 23. See 
Section 36.4.3, “Performing Nightly User Upkeep,” on page 513. 


NetWare POA Linux POA Windows POA 
Syntax: /rdaboffset-hours --rdaboffset hours /rdaboffset-hours 
Example:  /rdaboffset-2 --rdaboffset 3 /rdaboffset-4 


See also /nordab. 


39.98 /rights 


Verifies that the POA has the required network rights or permissions to all directories where it needs 
access in the post office directory. 


When started with this switch, the POA lists directories it is checking, which can be a lengthy 
process. Use this switch on an as needed basis, not in the POA startup file. If the POA encounters 
inadequate rights or permissions, it indicates the problem and shuts down. 


NetWare POA Linux POA Windows POA 


Syntax: /rights --rights [rights 


39.99 --show 


Starts the Linux POA with a server console interface similar to that provided for the NetWare and 
Windows POAs. This user interface requires that the X Window System and Open Motif be running 
on the Linux server. 


The --show switch cannot be used in the POA startup file. Therefore, the POA never runs with a user 
interface if it is started automatically whenever the server restarts. 


NetWare POA Linux POA Windows POA 


Syntax: N/A --show N/A 
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39.100 /sleep 


Sets how long NetWare POA threads remain dormant when the CPU utilization threshold has been 
exceeded. The default is 100 milliseconds. See Section 38.5, “Optimizing CPU Utilization for the 
NetWare POA,” on page 562. 


NetWare POA Linux POA Windows POA 
Syntax: /sleep-milliseconds N/A N/A 
Example:  /sleep-300 N/A N/A 


See also /cpu. 


39.101 /soap 


Enables SOAP so that the POA can communicate with SOAP clients. Valid settings are enabled and 
disabled. See Section 36.2.4, “Supporting SOAP Clients,” on page 491. 


NetWare POA Linux POA Windows POA 
Syntax: /soap-enabled or disabled --soap enabled or disabled  /soap-enabled or disabled 
Example:  /soap-enabled --soap enabled /soap-disabled 


See also /soapmaxthreads, /soapport, /soapsizelimit, soapssl, and /soapthreads. 


39.102 /soapmaxthreads 


Specifies the maximum number of SOAP threads the POA can create to service SOAP clients. The 
default is 6; the maximum is 20. This setting is appropriate for most systems. See Section 36.2.4, 
“Supporting SOAP Clients,” on page 491. 


NetWare POA Linux POA Windows POA 
Syntax: /soapmaxthreads-number --soapmaxthreads number /soapmaxthreads-number 
Example: /soapmaxthreads-5 --soapmaxthreads 10 /soapmaxthreads-20 


See also /soap, /soapport, /soapsizelimit, soapssl, and /soapthreads. 


39.103 /soapport 


Sets the TCP port number used for the POA to communicate with SOAP clients. The default is 
7191. See Section 36.2.4, “Supporting SOAP Clients,” on page 491. 


NetWare POA Linux POA Windows POA 
Syntax: /soapport-port_number --soapport port_number /soapport-port_number 
Example: /soapport-145 --soapport 146 /soapport-147 
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See also /soap, /soapmaxthreads, /soapsizelimit, soapssl, and /soapthreads. 


39.104 /soapsizelimit 


Sets the maximum amount of data that the POA can return in a single request from a SOAP client. 
The default is 1024 KB (1 MB), which is the recommended setting. 


NetWare POA Linux POA Windows POA 
Syntax: /soapsizelimit-kilobytes --soapsizelimit kilobytes /soapsizelimit-kilobytes 
Example:  /soapsizelimit-2048 --soapsizelimit 2048 /soapsizelimit-2048 


See also /soap, /soapmaxthreads, /soapport, soapssl, and /soapthreads. 


39.105 /soapssl 


Sets the availability of secure SSL communication between the POA and SOAP clients. Valid 
settings are enable and disable. See Section 36.3.3, “Securing the Post Office with SSL Connections 
to the POA,” on page 498. 


NetWare POA Linux POA Windows POA 
Syntax: /soapssl-setting --soapssl setting /soapssl-setting 
Example: /soapssl-enable --soapssl enable /soapssl-enable 


See also /soap, /soapmaxthreads, /soapport, /soapsizelimit, and /soapthreads. 


39.106 /soapthreads 


Sets the initial number of SOAP threads that the POA starts to service SOAP clients. The default is 
3. The POA automatically starts additional threads as needed. See Section 36.2.4, “Supporting 
SOAP Clients,” on page 491. 


NetWare POA Linux POA Windows POA 
Syntax: /soapthreads-number --soapthreads number /soapthreads-number 
Example: /soapthreads-10 --soapthreads 20 /soapthreads-30 


See also /soap, /soapmaxthreads, /soapport, /soapsizelimit, and /soapssl. 


39.107 /tcpthreads 


Specifies the maximum number of TCP handler threads the POA can create to service client/server 
requests. The default is 6; valid values range from 1 to 40. Plan on about one TCP handler thread per 
20-30 client/server users. See Section 38.1.1, “Adjusting the Number of POA Threads for Client/ 
Server Processing,” on page 547. 
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NetWare POA Linux POA Windows POA 


Syntax: /tcpthreads-number --tcpthreads number /tcpthreads-number 


Example: /tcpthreads-10 --tcpthreads 20 /tcpthreads-20 


See also /primingmax. 


39.108 /threads 


Specifies the maximum number of message handler threads the POA can create. The default is 8; 
valid values range from 1 to 30. See Section 38.2.1, “Adjusting the Number of POA Threads for 
Message File Processing,” on page 552. 


NetWare POA Linux POA Windows POA 
Syntax: /threads-number --threads number /threads-number 
Example: — /threads-10 --threads 20 /threads-30 


39.109 /user 


Provides the network user ID for the POA to use when accessing post offices and/or document 
storage areas on remote servers. You can also provide user and password information on the Post 
Office Settings page in ConsoleOne. For the NetWare POA, see “Creating a NetWare Account for 
Agent Access (Optional)” in “Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


NetWare POA Linux POA Windows POA 
Syntax: luser-eDirectory user ID --user Linux user ID luser-Windows user ID 
Example:  /user-GWAgents --user GWAgents luser-GWAgents 
NetWare: The eDirectory_user_ID is a user that the POA can use to log in to the remote NetWare 
server. 
Linux: On OES Linux, the Linux_user_ID is a LUM-enabled user that the POA can use to log in to 


the remote OES Linux server. On SLES Linux, it is a standard Linux user. 


Windows: The Windows user IDis a user that the POA can use to log in to the remote Windows 
server. 


See also /password and /dn. 


Windows Note: The Windows POA gains access to the post office directory when it starts. However, 
a particular user might attempt to access a remote document storage area to which the POA does not 
yet have a drive mapping available. By default, the POA attempts to map a drive using the same user 
ID and password it used to access the post office directory. If the user ID and password for the 
remote storage area are different from the post office, then use the /user and /password switches to 
specify the needed user ID and password. You can also provide user and password information on 
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the Post Office Settings page in ConsoleOne. However, it is preferable to use the same user ID and 
password on all servers where the POA needs access. 
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Message Transfer Agent 


+ Chapter 40, “Understanding Message Transfer between Domains and Post Offices,” on 
page 605 


+ Chapter 41, “Configuring the MTA,” on page 613 

¢ Chapter 42, “Monitoring the MTA,” on page 645 

+ Chapter 43, “Optimizing the MTA,” on page 675 

+ Chapter 44, “Using MTA Startup Switches,” on page 683 
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Understanding Message Transfer 
between Domains and Post 
Offices 


A domain organizes post offices into a logical grouping for addressing, routing, and administration 
purposes in your GroupWise” system. Messages are transferred between post offices and domains 
by the Message Transfer Agent (MTA). The following topics help you understand domains and the 
functions of the MTA: 


+ Section 40.1, “Domain Representation in ConsoleOne,” on page 605 

¢ Section 40.2, “Domain Directory Structure,” on page 606 

+ Section 40.3, “Information Stored in the Domain,” on page 606 

+ Section 40.4, “Role of the Message Transfer Agent,” on page 608 

+ Section 40.5, “Link Configuration between Domains and Post Offices,” on page 608 
+ Section 40.6, “Message Flow between Domains and Post Offices,” on page 608 


+ Section 40.7, “Cross-Platform Issues between Domains and Post Offices,” on page 609 


40.1 Domain Representation in ConsoleOne 


In ConsoleOne®, domains are container objects that contain an MTA object, as well as other 
domain-related objects, as shown below: 


Figure 40-1 ConsoleOne View Showing the MTA Object 
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Although each post office is linked to a domain, it does not display as subordinate to the domain in 
the Console View. However, using the GroupWise View, you can display post offices as subordinate 
to the domains to which they are linked in your Group Wise system. 
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Figure 40-2 GroupWise View Showing Post Offices in Relationship to Domains 
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40.2 Domain Directory Structure 


Physically, a domain consists of a set of directories that house all the information stored in the 
domain. See “Domain Directory” in Group Wise 7 Troubleshooting 3: Message Flow and Directory 
Structure. 


40.3 Information Stored in the Domain 


The following types of information are stored in the domain: 


+ Section 40.3.1, “Domain Database,” on page 606 
+ Section 40.3.2, “Agent Input/Output Queues in the Domain,” on page 607 
+ Section 40.3.3, “Gateways,” on page 607 
No messages are stored in the domain, so GroupWise client users do not need access to the domain 


directory. The only person who needs file access to the domain directory is the GroupWise 
administrator. 


40.3.1 Domain Database 


The domain database (wodomain . db) contains all administrative information for the domain, 
including: 


+ Address information about all GroupWise objects (such as users, resources, post offices, and 
gateways in the domain) 
+ System configuration and linking information for the domain’s MTA 
+ Address and message routing information to other domains 
The first domain you create is the primary domain. In the primary domain, the wodomain. db file 
contains all administrative information for your entire GroupWise system (all its domains, post 
offices, users, and so on). Because the wodomain. db file in the primary domain is so crucial, you 


should back it up regularly and keep it secure. See Section 31.1, “Backing Up a Domain,” on 
page 407. 
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You can re-create your entire GroupWise system from the primary domain wodomain. db file; 
however, if the primary domain wpdomain. db file becomes unusable, you can no longer make 
administrative updates to your GroupWise system. 


Secondary domains are automatically synchronized to match the primary domain. 


40.3.2 Agent Input/Output Queues in the Domain 


Each domain contains agent input/output queues where messages are deposited and picked up for 
processing by the MTA. 


For a mapped or UNC link between domains, the MTA requires read/write access rights to its input/ 
output queues in the other domains. For a TCP/IP link, no access rights are required because 
messages are communicated by way of TCP/IP. 


For illustrations of the processes presented below, see Section 40.6, “Message Flow between 
Domains and Post Offices,” on page 608. 


MTA Input Queue in the Domain 


The MTA input queue in the local domain (domain\wpcsin) is where MTAs for other domains 
deposit user messages for the local MTA to route to local post offices or to route to other domains. 
Thus the MTA input queue in the local domain is the output queue for the MTAs in many other 
domains. 


The MTA does not have an output queue for user messages in the local domain. Because its primary 
task is routing messages, the local MTA has output queues in all post offices in the domain. See 
“POA Input Queue in the Post Office” on page 467. The local MTA also has output queues in all 
domains to which it is directly linked. 


MTA Output Queue in the Domain 


The MTA output queue in the local domain (domain\wpcsout\ads) is where the MTA deposits 
administrative messages from other domains for the MTA admin thread to pick up. 


MTA Admin Thread Input Queue in the Domain 


The MTA admin thread input queue (domain\wpcsout\ads) is, of course, the same as the MTA 
output queue in the local domain. The MTA admin thread picks up administrative messages 
deposited in the queue by the MTA and updates the domain database. 


MTA Admin Thread Output Queue in the Domain 


The MTA admin thread output queue (domain\wpcsin) is the same as the MTA input queue in 
the local domain. The MTA admin thread deposits administrative messages in the queue for 
replication to other domains. 


40.3.3 Gateways 


Gateways are installed and configured at the domain level of your GroupWise system. For a list of 
gateways, see the Group Wise Gateways Documentation Web site (http://www.novell.com/ 
documentation/gwgateways). 
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40.4 Role of the Message Transfer Agent 
You must run an MTA for each domain. The MTA: 


+ Routes messages between post offices in the local domain. 
+ Routes messages between domains. 
+ Routes messages to and from gateways installed in the local domain. 


+ Routes messages between GroupWise systems across the Internet if appropriate DNS lookup 
capabilities have been set up. See “Using Dynamic Internet Links” in “Connecting to 
GroupWise 5.x, 6.x, and 7.x Systems” in the GroupWise 7 Multi-System Administration Guide. 


¢ Schedules routing of messages across expensive links. See Section 41.3.2, “Scheduling Direct 
Domain Links,” on page 633. 


+ Controls the size of messages that can pass across links. See Section 41.2.1, “Restricting 
Message Size between Domains,” on page 628. 


+ Updates the domain database (wpdomain.db) whenever GroupWise users, resources, post 
offices, or other Group Wise objects are added, modified, or deleted. 


+ Replicates updates to all domains and post offices throughout your GroupWise system. This 
keeps the Address Book up to date for all Group Wise users. 


+ Synchronizes Group Wise user information with Novell? eDirectory™ user information. This 
handles updates made in ConsoleOne without the GroupWise Administrator snap-in running. 
See Section 41.4.1, “Using eDirectory User Synchronization,” on page 638. 


+ Synchronizes Group Wise object information throughout your Group Wise system as needed. 
+ Detects and repairs invalid information in the domain database (wpdomain . db). 


+ Provides improved performance for Group Wise Remote client users. See Section 41.2.2, 
“Enabling Live Remote,” on page 629. 


+ Provides logging and statistics about Group Wise message flow. See Section 41.4.2, “Enabling 
MTA Message Logging,” on page 643. 


40.5 Link Configuration between Domains and 
Post Offices 


In GroupWise, a link is defined as the information required to route messages between domains, 
post offices, and gateways in a GroupWise system. Links are created and configured when new 
domains, post offices, and gateways are created. 


For more specific information about how domains are linked to each other, and about how domains 
and post offices are linked, see Chapter 10, “Managing the Links between Domains and Post 
Offices,” on page 137. 


40.6 Message Flow between Domains and Post 
Offices 


+ Section 40.6.1, “Message Flow between Post Offices in the Same Domain,” on page 609 


+ Section 40.6.2, “Message Flow between Different Domains,” on page 609 
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40.6.1 Message Flow between Post Offices in the Same 
Domain 


To see what happens to message flow within the domain when the domain is closed, view the 
following message flow diagrams: 


+ “TCP/IP Link Open: Transfer between Post Offices Successful” 
+ “TCP/IP Link Closed: Transfer between Post Offices Delayed” 
These diagrams are found in “Message Delivery to a Different Post Office” in GroupWise 7 


Troubleshooting 3: Message Flow and Directory Structure. If you are using mapped/UNC links, 
refer to GroupWise 6.5 Troubleshooting 3: Message Flow and Directory Structure. 


40.6.2 Message Flow between Different Domains 


To see what happens to message flow when the destination domain is closed, view the following 
message flow diagrams: 

+ “TCP/IP Link Open: Transfer between Domains Successful” 

+ “TCP/IP Link Closed: Transfer between Domains Delayed” 
These diagrams are found in “Message Delivery to a Different Domain” in GroupWise 7 


Troubleshooting 3: Message Flow and Directory Structure. If you are using mapped/UNC links, 
refer to GroupWise 6.5 Troubleshooting 3: Message Flow and Directory Structure. 


40.7 Cross-Platform Issues between Domains 
and Post Offices 


Domains can be located on the following platforms: 


+ Novell NetWare® 
+ Windows Server 


+ Linux 
The GroupWise agents can run on the following platforms: 


+ Novell NetWare 

+ Windows Server 

+ Linux 
In general, GroupWise is most efficient if you match the agent platform with the network operating 
system. Ideally, the MTA as well as the domain and post offices should be on the same platform. 


However, those with mixed networks may wonder what combinations are possible. You have several 
alternatives. 


+ Section 40.7.1, “MTA Platform Dependencies Because of Direct Access Requirements to Post 
Offices,” on page 610 
+ Section 40.7.2, “MTA/Post Office Platform Independence through TCP/IP Links,” on page 610 


+ Section 40.7.3, “MTA Platform Dependencies Because of Direct Access Requirements to the 
Domain,” on page 610 
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+ Section 40.7.4, “MTA/Domain Platform Independence through TCP/IP Links,” on page 611 


+ Section 40.7.5, “MTA/Domain Platform Independence through the Transfer Pull 
Configuration,” on page 611 


40.7.1 MTA Platform Dependencies Because of Direct Access 
Requirements to Post Offices 


The MTA must always have direct access to the domain directory. In addition, if using mapped or 
UNC links to post offices, the MTA must have direct access to each post office directory as well. If 
the MTA is installed on a remote server, it must be able to log in to servers where the post offices are 
located. 


The table below summarizes the various combinations of MTA and post office platforms, and 
indicates which combinations work for direct access and which ones do not: 


Table 40-1 MTA Platforms and Post Office Platforms 


NetWare MTA Linux MTA Windows MTA 
Post Office on NetWare Yes No! Yes 
Post Office on Linux No! No! No! 
Post Office on Windows No? No! Yes 
Post Office on No? No? No? 


Macintosh 


| TCP/IP links are required between the MTA and the POA on Linux. Direct access to post offices is 
not available. 


2 The NetWare MTA cannot service a domain or post office on a Windows server because Windows 
does not support the required cross-platform connection. 
3 Domains and post offices cannot be created on Macintosh computers. 


40.7.2 MTA/Post Office Platform Independence through TCP/IP 
Links 


To overcome platform dependencies for post offices, create a TCP/IP link for any post office located 
on a platform where the domain MTA cannot gain direct access. See “Using TCP/IP Links between 
a Domain and its Post Offices” on page 623. 


40.7.3 MTA Platform Dependencies Because of Direct Access 
Requirements to the Domain 
If using mapped or UNC links between domains, the source domain MTA must have direct access to 


its input queues in the destination domain directory. If the MTA is installed on a remote server, it 
must be able to log in to the server where its domain located. 
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The table below summarizes the various combinations of the platform of MTA for the source 
domain and the platform where the destination domain is located, and indicates which combinations 
work for direct access and which ones do not: 


Table 40-2 MTA Platforms and Domain Platforms 


NetWare MTA for Linux MTA for Source Windows MTA for Source 
Source Domain Domain Domain 

Destination Domain on Yes No! Yes 

NetWare 

Destination Domain on No! No! No? 

Linux 

Destination Domain on No2 No! Yes 

Windows 

Destination Domain on No? No? No? 

Macintosh 


! TCP/IP links are required between MTAs in Group Wise 7. Direct access to other domains is not 
available. 


2 The NetWare MTA cannot write message files into its output gueue in a destination domain on a 
Windows server because Windows does not support the reguired cross-platform connection. 


3 Domains cannot be created on Macintosh computers. 


40.7.4 MTA/Domain Platform Independence through TCP/IP 
Links 


To overcome platform dependencies between domains, use TCP/IP links between domains. See 
Section , “Using TCP/IP Links between Domains,” on page 618. 


40.7.5 MTA/Domain Platform Independence through the 
Transfer Pull Configuration 


If TCP/IP is not available, another alternative for overcoming platform dependencies is a transfer 
pull configuration. 


By default the MTA “pushes” message files out to destination domains by writing them into its 
output queue in each destination domain. One situation where this method does not work is for the 
NetWare MTA on a NetWare server to write message files to its input queue in a destination domain 
located on a Windows server. 


As an alternative, you can have the Windows MTA for the destination domain “pull” the message 
files from the source domain on the NetWare server. This is called a transfer pull configuration. See 
Section 41.3.3, “Using a Transfer Pull Configuration,” on page 636 for setup instructions. 
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Configuring the MTA 


For detailed instructions about installing and starting the MTA for the first time, see “Installing 
GroupWise Agents” in the GroupWise 7 Installation Guide. 


As your GroupWise® system grows and evolves, you will probably need to modify MTA 
configuration to meet changing system needs. The following topics help you configure the MTA: 


+ 


Section 41.1, “Performing 


Basic MTA Configuration,” 


on page 613 


Section 41.2, “Configuring 
User Access through the 
Domain,” on page 628 


Section 41.3, “Configuring 
Specialized Routing,” on 
page 631 


Section 41.4, “Configuring 
Domain Maintenance,” on 
page 638 


Creating an MTA Object in eDirectory 

Configuring the MTA in ConsoleOne 

Changing the Link Protocol between Domains 

Changing the Link Protocol between a Domain and Its Post Offices 
Binding the MTA to a Specific IP Address 

Moving the MTA to a Different Server 

Adjusting the MTA for a New Location of a Domain or Post Office 
Adjusting the MTA Logging Level and Other Log Settings 


Restricting Message Size between Domains 
Enabling Live Remote 
Securing the Domain with SSL Connections to the MTA 


Using Routing Domains 
Scheduling Direct Domain Links 
Using a Transfer Pull Configuration 


Using eDirectory User Synchronization 
Enabling MTA Message Logging 


41.1 Performing Basic MTA Configuration 


MTA configuration information is stored as properties of its MTA object in eDirectory™. The 
following topics help you modify the MTA object in ConsoleOne® and change MTA configuration 
to meet changing system configurations: 


+ 


+ 


+ 


Section 41.1.1, “Creating an MTA Object in eDirectory,” on page 614 


Section 41.1.2, “Configuring the MTA in ConsoleOne,” on page 615 


Section 41.1.3, “Changing the Link Protocol between Domains,” on page 618 


Section 41.1.4, “Changing the Link Protocol between a Domain and Its Post Offices,” on 


page 622 


Section 41.1.5, “Binding the MTA to a Specific IP Address,” on page 625 
Section 41.1.6, “Moving the MTA to a Different Server,” on page 626 
Section 41.1.7, “Adjusting the MTA for a New Location of a Domain or Post Office,” on 


page 626 


Section 41.1.8, “Adjusting the MTA Logging Level and Other Log Settings,” on page 627 
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41.1.1 Creating an MTA Object in eDirectory 


When you create a new domain, an MTA object is automatically created for it. If the original MTA 
object for a domain gets accidently deleted, you can create a new one for it. Do not attempt to create 
more than one MTA object for a domain. 


To create a new MTA object in Novell® eDirectory: 


1 In ConsoleOne, browse to and right-click the Domain object for which you need to create an 
MTA object, then click New. 


2 Double-click GroupWise Agent to display the Create GroupWise Agent dialog box. 


HS Create GroupWise Agent 


Agent Name: 





Type: 














T Define additional properties 
T Create another agent 





3 Type aunigue name for the new MTA. The name can include as many as 8 characters. Do not 
use any of the following invalid characters in the name: 


ASCII characters 0-13 Comma, 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical 
symbols; accented characters in the extended range can be used 

Braces { } Parentheses ( ) 

Colon : Period . 


The Type field is automatically set to Message Transfer. 
4 Select Define Additional Properties. 
5 Click OK. 
The MTA object is automatically placed within the Domain object. 


6 Review the information displayed for the first four fields on the Identification page to ensure 
that you are creating the correct type of Agent object in the correct location. 
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Properties of MTA 
DS Rights + | Other | Rights to Files and Folders | 


Domain: Provo1 
Distinguished Name: MTA Provo1 .GroupWise 
Name: MTA 


Agent Type: Message Transfer 





Description: ss Message Transfer Agent 








Platform: [Netware 


Page Options... Cancel | 








7 Inthe Description field, type one or more lines of text describing the MTA. This description 
displays on the MTA server console as the MTA runs. 


If multiple administrators work at the server where the MTA will run, the description includes a 
note about who to contact before stopping the MTA. When running multiple MTAs on the same 
server, the description should uniquely identify each one. See Chapter 42, “Monitoring the 
MTA,” on page 645. 


8 In the Platform field, select the platform (NetWare, Linux, or Windows) where the MTA will 
run. 


9 Continue with Section 41.1.2, “Configuring the MTA in ConsoleOne,” on page 615. 


41.1.2 Configuring the MTA in ConsoleOne 


The advantage to configuring the MTA in ConsoleOne, as opposed to using startup switches in an 
MTA startup file, is that the MTA configuration settings are stored in eDirectory. 


1 In ConsoleOne, expand the eDirectory container where the Domain object is located. 
2 Expandthe Domain object. 
3 Right-click the MTA object, then click Properties. 
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Properties of MTA 


IDS Rights v | Other | Rights to Files and Folders | 


Domain: Provo1 


Distinguished Name: 


Name: MTA 


MTA Provo1 .GroupWise 


Agent Type: Message Transfer 





Description: ss Message Transfer Agent 





Platform: |Netware 


Page Options... 








Cancel | 





The table below summarizes the MTA configuration settings in the MTA object properties pages and 
how they correspond to MTA startup switches (as described in Chapter 44, “Using MTA Startup 


Switches,” on page 683): 


Table 41-1 MTA Configuration Settings 


ConsoleOne Properties Pages and 


Settings 
Information Page 


Domain 
Distinguished Name 
Name 

Agent Type 
Description 

Platform 


Agent Settings Page 


Scan Cycle 
Scan High 


Attach Retry 


Enable Automatic Database 
Recovery 


Use 2nd High Priority Scanner 
Use 2nd Mail Priority Scanner 


SNMP Community "Get" String 
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Corresponding Tasks and Startup Switches 


See Section 41.1.1, “Creating an MTA Object in eDirectory,” on 
page 614. 


See Section 43.2.2, “Adjusting MTA Polling of Input Queues in the 
Domain, Post Offices, and Gateways,” on page 676. 
See also /cyhi and /cylo. 


See Section 43.4, “Adjusting MTA Polling of Closed Locations,” on 
page 680. 


See /norecover. 


See Section 43.2.3, “Adjusting the Number of MTA Scanner 
Threads for the Domain and Post Offices,” on page 678. 
See also /fast0 and /fast4. 


See Section 42.6, “Using an SNMP Management Console,” on 
page 667. 


ConsoleOne Properties Pages and 
Settings 


HTTP User Name 
HTTP Password 


Network Address Page 


TCP/IP Address 
IPX/SPX Address 


Bind Exclusively to TCP/IP Address 


Message Transfer 


HTTP 


Log Settings Page 


Log File Path 
Logging Level 

Max Log File Age 
Max Log Disk Space 


Message Log Settings Page 


Message Logging Level 
Message Log File Path 


Scheduled Events Page 


eDirectory User Synchronization 
Event 


Routing Options Page 


Default Routing Domain 


Force All Messages to Default 
Routing Domain 


Allow MTA to Send Directly to 
Other GroupWise Systems 


MTA SSL Settings Page 


Corresponding Tasks and Startup Switches 


See Section 42.2.1, “Setting Up the MTA Web Console,” on 
page 657. 
See also /httpuser and /httppassword. 


See Section , “Using TCP/IP Links between Domains,” on 

page 618 and Section , “Using TCP/IP Links between a Domain 
and its Post Offices,” on page 623. 

See also /ip and /tcpport. 


See Section 41.1.5, “Binding the MTA to a Specific IP Address,” on 
page 625. 
See also /ip. 


See Section , “Using TCP/IP Links between Domains,” on 
page 618. 
See also /msgtranssl. 


See Section 42.2.1, “Setting Up the MTA Web Console,” on 
page 657. 
See also /httpssl. 


See Section 42.3, “Using MTA Log Files,” on page 665. 
See also /log, /logdays, /logdiskoff, /loglevel, and /logmax. 


See Section 41.4.2, “Enabling MTA Message Logging,” on 
page 643. 

See also /messagelogsettings, /messagelogpath, / 
messagelogdays, and /messagelogmaxsize. 


See Section 41.4.1, “Using eDirectory User Synchronization,” on 
page 638. 
See also /nondssync. 


See Section 41.3.1, “Using Routing Domains,” on page 631. 
See also /defaultroutingdomain. 


See “Using Dynamic Internet Links” in “Connecting to GroupWise 
5.x, 6.x, and 7.x Systems” in the GroupWise 7 Multi-System 
Administration Guide. 

See also /nodns. 
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ConSoleOne Properties Fages and Corresponding Tasks and Startup Switches 


Settings 

Certificate File See Section 41.2.3, “Securing the Domain with SSL Connections 
SSL Key File to the MTA,” on page 629. 

Password See also /certfile, /keyfile and /keypassword. 


After you install the MTA software, you can further configure the MTA using a startup file. To 
survey the many ways the MTA can be configured, see Chapter 44, “Using MTA Startup Switches,” 
on page 683. 


41.1.3 Changing the Link Protocol between Domains 


How MTAs for different domains communicate with each other is determined by the link protocol in 
use between the domains. Typically, inbound and outbound links for a domain use the same link 
protocol, but this is not required. For a review of link protocols, see Section 10.1.3, “Link Protocols 
for Direct Links,” on page 141. 


If you originally set up an MTA using one link protocol and need to change to a different one, some 
reconfiguration of the MTA is necessary. 


+ “Using TCP/IP Links between Domains” on page 618 
+ “Using Mapped or UNC Links between Domains” on page 621 
+ “Using Gateway Links between Domains” on page 622 





NOTE: The Linux MTA does not support mapped or UNC links between domains. TCP/IP links are 
required. 





Using TCP/IP Links between Domains 
To set up TCP/IP links between domains, you must perform the following two tasks: 


+ “Configuring the MTA for TCP/IP” on page 618 
+ “Changing the Link Protocol between Domains to TCP/IP” on page 620 


Configuring the MTA for TCP/IP 


1 Make sure TCP/IP is properly set up on the server where the MTA is running. 
2 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
3 Click GroupWise > Network Address to display the Network Address page. 
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Properties of MTA 


GroupWise + | NDSRights ~ | Other | Rights to Files and Folders 
Network Address 





TCPAP Address: [ibd-nw provo.novel.com 





IPXISPX Address: | 


I Bind Exclusively to TCPAP Address 


Port SSL 
a 
Message Transfer: [ 7100 4 Disabled x | 














HTTP: [ 7180 $| Jbisabea ~ | 


Page Options... Cancel | Appy | Hep | 








4 On the Network Address page, click the pencil icon for the TCP/IP Address field to display the 


6 
7 


Edit Network Address dialog box. 


Edit Network Address 


TCPAP Address 





© IP Address: 








(° DNS Host Name: |ibd-nv.provo.novell.com 


Cancel Help 





Select JP Address, then provide the IP address, in dotted decimal format, of the server where 
the MTA is running. 


or 


Select DNS Host Name, then provide the DNS hostname of the server where the MTA is 
running. 





IMPORTANT: The MTA must run on a server that has a static IP address. DHCP cannot be 
used to dynamically assign an IP address for it. 





Specifying the DNS hostname rather than the IP address makes it easier to move the MTA from 
one server to another, should the need arise at a later time. You can assign a new IP address to 
the hostname in DNS, without changing the MTA configuration information in ConsoleOne. 


Click OK. 


To use a TCP port number other than the default port of 7100, type the port number in the 
Message Transfer Port field. 


If multiple MTAs will run on the same server, each MTA must have a unique TCP port number. 


For optimum security, select Enabled in the SSL drop-down list for the message transfer port. 
For more information, see Section 41.2.3, “Securing the Domain with SSL Connections to the 
MTA,” on page 629. 


Click OK to save the network address and return to the main ConsoleOne window. 
ConsoleOne then notifies the MTA to restart enabled for TCP/IP. 
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Corresponding Startup Switches 


You can also use the /ip and /tcpport switches in the MTA startup file to provide the IP address and 
the message transfer port number. 


MTA Web Console 


You can view the MTA TCP/IP information on the Configuration page under the TCP/IP Settings 
heading. 


Changing the Link Protocol between Domains to TCP/IP 
Make sure you have configured the MTA for TCP/IP at both ends of each link. 
To change the link between the domains from mapped or UNC to TCP/IP: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
2 Click View > Domain Links to display domain links. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provol 
File Edit Search View Window Help 


el MM) m) AN] Ria) Fer om 2 









































3 Select the MTA’s local domain in the drop-down list. 
Outbound and inbound links for the selected domain are listed. 


4 Double-click a domain in the Outbound Links list. 


KS Edit Domain Link 


Description: How Provo1 connects to Provo3 

Link Type: Piret +] Cane 
Settings Help 
Protocol: Fc +] 
IP Address: [ibd-nxprovonovel.com: 7100 |}Z||  scheduing… 
I Override 


Maximum send message size: 0 sj MBytes 


Delay message size: 0 4 MBytes 


Transfer Pull Info... External Link Info... 








5 Set Link Type to Direct. 
6 Set Protocol to TCP/IP. 


Make sure the information displayed in the IP Address and MT Port fields matches the 
information for the MTA for the domain to which you are linking. 


620 GroupWise 7 Administration Guide 


7 Click OK. 
8 Repeat Step 4 through Step 7 for each domain in the Outbound Links list where you want the 


10 


12 
13 


14 


MTA to use a TCP/IP link. 

Selecting multiple domains is also allowed. 
Double-click a domain in the Inbound Links list. 
Set Link Type to Direct. 

Set Protocol to TCP/IP. 


Make sure the information displayed in the IP Address and MT Port fields matches the 
information you supplied in “Configuring the MTA for TCP/IP” on page 618. 


Click OK. 


Repeat Step 9 through Step 12 for each domain in the Inbound Links list where you want the 
MTA to use a TCP/IP link. 


Selecting multiple domains is also allowed. 
Click File > Exit > Yes to save the link changes. 
ConsoleOne then notifies the MTA to restart with the new link configuration. 


For a sample message flow for this configuration, see “TCP/IP Link Open: Transfer between 
Domains Successful” in “Message Delivery to a Different Domain” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. 


Using Mapped or UNC Links between Domains 


To change to a mapped or UNC link between domains: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


2 Click View > Domain Links to display domain links. 


NO on f “w 


© 


Select the MTA’s local domain in the drop-down list. 
Outbound and inbound links for the selected domain are listed. 
Double-click a domain in the Outbound Links list. 

Set Link Type to Direct. 

Set Protocol to Mapped or UNC. 


Enter the full path, in the appropriate format, of the directory where the other domain is 
located. 


Click OK. 


9 Repeat Step 4 through Step 8 for each domain in the Outbound Links list where you want the 


10 
11 
12 
13 
14 


MTA to use a mapped or UNC link. 

Selecting multiple domains is also allowed. 

Double-click a domain in the Inbound Links list. 

Set Link Type to Direct. 

Set Protocol to Mapped or UNC. 

Enter the full path, in the appropriate format, of the directory where the local domain is located. 
Click OK. 
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15 Repeat Step 10 through Step 14 for each domain in the Inbound Links list where you want the 
MTA to use a mapped link. 


Selecting multiple domains is also allowed. 
16 Click File > Exit > Yes to save the link changes. 
ConsoleOne then notifies the MTA to restart with the new link configuration. 


Using Gateway Links between Domains 
You can use GroupWise gateways to link domains within your Group Wise system. 


+ “Using the Async Gateway to Link Domains” on page 622 
+ “Using the Internet Agent to Link Domains” on page 622 


Using the Async Gateway to Link Domains 


You can use the Async Gateway to link a domain into your GroupWise system using a modem. For 
setup instructions, see the Async Gateway documentation at the GroupWise Gateway 
Documentation Web site (http://www.novell.com/documentation/gwgateways). 


Using the Internet Agent to Link Domains 


You can use the Internet Agent to link a domain into your GroupWise system across the Internet. 
When you use the Internet Agent as the transport mechanism between domains, it encapsulates 
GroupWise messages (both e-mail messages and administrative messages) within SMTP messages 
in order to transport them across the Internet. For setup instructions, see Section 51.2, “Linking 
Domains,” on page 810 





NOTE: A simpler alternative to a gateway link for spanning the Internet is to use MTA to MTA 
links, as described for linking separate Group Wise systems in “Using Dynamic Internet Links” in 
the GroupWise 7 Multi-System Administration Guide. The same configuration that can link two 
separate GroupWise systems can be employed to link a domain within the same GroupWise system. 


41.1.4 Changing the Link Protocol between a Domain and Its 
Post Offices 


How messages are transferred between the MTA for the domain and the POA for each post office is 
determined by the link protocol in use between the domain and each post office. For a review of link 
protocols, see Section 10.1.3, “Link Protocols for Direct Links,” on page 141. 


If you need to change from one link protocol to another, some reconfiguration of the MTA and its 
link to each post office is necessary. 


+ “Using TCP/IP Links between a Domain and its Post Offices” on page 623 
+ “Using Mapped or UNC Links between a Domain and its Post Offices” on page 625 





NOTE: The Linux MTA requires TCP/IP links between a domain and its post offices. 
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Using TCP/IP Links between a Domain and its Post Offices 


To change from mapped or UNC links to TCP/IP links between a domain and its post offices, you 
must perform the following two tasks: 


+ 


+ 


“Configuring the Agents for TCP/IP” on page 623 
“Changing the Link Protocol between a Domain and its Post Offices to TCP/IP” on page 624 


Configuring the Agents for TCP/IP 


1 


If the MTA for the domain is not yet set up for TCP/IP communication, see “Configuring the 
MTA for TCP/IP” on page 618. 


If any post offices do not yet have a POA set up for TCP/IP communication, see Section 36.2.1, 
“Using Client/Server Access to the Post Office,” on page 486 to set up the initial TCP/IP 
information. 


In ConsoleOne, expand the Post Office object to display the POA object(s) in the post office. 


Only one POA per post office needs to communicate with the MTA. If the post office has 
multiple POAs, have a POA that performs message file processing communicate with the MTA 
for best performance. For information about message file processing, see Section 35.5, “Role 
of the Post Office Agent,” on page 469. 


4 Right-click the POA object, then click Properties. 


Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders 
Network Address 





TCPAP Address: ibd-nw provo novell.com 





Proxy Server Address: 





IPX/SPX Address: 


I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
Message Transfer: 7101 + Disabled | 


HTTP: 7181 $| [Disabled = 








Local Intranet ClentiServer: | 1677 2| [Disabled +] 


Internet Proxy Client/Server: < Disabled Y 


IMAP: $| [pisalea ~| [ 993 <] 


SOAP: $| [Disabled » 














Page Options... ok |. canost | Apply | Hep | 








6 Onthe Network Address page, click the pencil icon for the TCP/IP Address field to display the 


Edit Network Address dialog box. 


KE Edit Network Address 


TCPAP Address 





C IP Address: 








(° DNS Host Name: fibd-nw.provo.novell.com 


Cancel Help 
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7 Inthe Message Transfer Port field, specify a unique TCP port on which the POA will listen for 
incoming messages from the MTA. 


The default is 7101. 


8 For optimum security, select Enabled in the SSL drop-down list for the message transfer port. 
For more information, see Section 41.2.3, “Securing the Domain with SSL Connections to the 
MTA,” on page 629. 


9 Click OK to save the TCP/IP information and return to the main ConsoleOne window. 


ConsoleOne then notifies the POA to restart with message transfer processing enabled. 


Changing the Link Protocol between a Domain and its Post Offices to TCP/IP 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provol 


File Edit Search View Window Help 
$) BE T QIN) Rie) Foro SO - 








Undefined: 

















2 Inthe drop-down list, select the domain where you want TCP/IP links to post offices. 
3 Click View > Post Office Links to display post office links. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provol 
File Edit Search View Window Help 











4 Double-click a Post Office object. 
5 In the Protocol field, select TCP/IP. 


{ Edit Post Office Link 


Post Office: Development OK 
Protocol: Ferre Mi 
Cancel 


IP Address: 


Client/Server Port: fi 677 
Maximum send message size: 0 {MBytes 
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Make sure the information displayed in the Edit Post Office Link dialog box matches the 
information provided in the Edit Network Address dialog box in “Configuring the Agents for 
TCP/IP” on page 623. 


7 Click OK. 
8 Repeat Step 4 through Step 7 for each post office in the domain where you want to use TCP/IP 


links. 
To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


ConsoleOne then notifies the MTA and POAs to restart using the new link protocol. 


For a sample message flow for this configuration, see “TCP/IP Link Open: Transfer between Post 
Offices Successful” in “Message Delivery to a Different Post Office” in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure. 


Using Mapped or UNC Links between a Domain and its Post Offices 


To change from a TCP/IP link to a mapped or UNC link between a domain and its post offices: 


oAN Oo BR WD = 


In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 

In the drop-down list, select the domain where the post offices reside. 

Click View Post Office Links to display post office links. 

Double-click a Post Office object. 

In the Protocol field, select Mapped or UNC. 

Provide the location of the post office in the format appropriate to the selected protocol. 
Click OK. 

Repeat Step 4 through Step 7 for each post office in the domain. 

To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


ConsoleOne then notifies the POA and MTA to restart using the new link protocol. 


41.1.5 Binding the MTA to a Specific IP Address 


If the MTA runs on a server that has multiple IP addresses, you can cause the MTA to bind to a 
specific IP address. The specified IP address is associated with all ports used by the MTA. Without 
an exclusive bind, the MTA binds to all IP addresses available on the server. 


1 
2 
3 
4 


5 


In ConsoleOne, expand the Domain object to display the MTA object in the post office. 
Right-click the MTA object, then click Properties. 

Click GroupWise > Network Address to display the Network Address page. 

If the TCP/IP Address field does not yet display the IP address you want the MTA to use: 


4a Click the pencil icon for the TCP/IP Address field to display the Edit Network Address 
dialog box. 


4b Specify the IP address for the MTA, then click OK. 
Select Bind Exclusively to TCP/IP Address, then click OK to save the IP address setting. 


Corresponding Startup Switches 
You can also use the /ip switch in the MTA startup file to bind the MTA to a specific IP address. 
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41.1.6 Moving the MTA to a Different Server 


As your GroupWise system grows and evolves, you might need to move an MTA from one server to 
another. For example, you might decide to run the MTA on a different platform, or perhaps you want 
to move it to a server that has more disk space for the mslocal directory. 

1 Stop the existing MTA. 


2 Copy the entire mslocal subdirectory structure to wherever you want it on the new server. It 
might contain messages that have not yet been delivered. 


3 When moving the MTA, pay special attention to the following details: 


+ Inthe MTA startup file, set the /work switch to the location of the mslocal directory on the 
new server. 


+ If the original MTA was configured for TCP/IP links between domains, you must 
reconfigure the MTA object with the IP address and port number for the MTA on the new 
server. See “Using TCP/IP Links between Domains” on page 618. 


+ For the NetWare® MTA, if it was originally on the same server where its domain and post 
offices are located and you are moving it to a different server, you must add the /dn switch 
or the /user and /password switches to the MTA startup file to give the NetWare MTA 
access to the server where the domain and post offices are located. 


4 Install the MTA on the new server. See “Installing GroupWise Agents” in the GroupWise 7 
Installation Guide. 


5 Start the new MTA, as described in the following sections in the GroupWise 7 Installation 
Guide: 


+ “Starting the NetWare GroupWise Agents” 
+ “Starting the Linux Agents with a User Interface” 
+ “Starting the Windows GroupWise Agents” 


6 Observe the new MTA to see that it is running smoothly. See Chapter 42, “Monitoring the 
MTA,” on page 645. 


7 If you are no longer using the old server for any GroupWise agents, you can remove the agents 
to reclaim the disk space, as described in the following sections in the GroupWise 7 Installation 
Guide: 


+ “Uninstalling the NetWare GroupWise Agents” 
+ “Uninstalling the Linux GroupWise Agents” 
+ “Uninstalling the Windows GroupWise Agents” 


41.1.7 Adjusting the MTA for a New Location of a Domain or 
Post Office 


MTA configuration must be adjusted if you make the following changes to your Group Wise system 
configuration: 


+ “New Domain Location” on page 627 


+ “New Post Office Location” on page 627 
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New Domain Location 


If you move a domain from one server to another, you need to edit the MTA startup file to provide 
the new location of the domain directory. 


1 


Stop the MTA for the old domain location if it is still running. 


2 Use an ASCII text editor to edit the MTA startup file. 


NetWare Only the first 8 characters of the domain name are used in the filename. The 

and startup file is typically located in the directory where the MTA software is installed. 
Windows: 

Linux: The full domain name is used in the filename. However, all letters are lowercase 


and any spaces in the domain name are removed. The startup file is located in the / 
opt/novell/groupwise/agents/share directory. 


3 Adjust the setting of the /home switch to point to the new location of the domain directory. 
4 Save the MTA startup file. 


5 Start the MTA for the new domain location, as described in the following sections in the 


Group Wise 7 Installation Guide: 
+ “Starting the NetWare GroupWise Agents” 
+ “Starting the Linux Agents with a User Interface” 
¢ “Starting the Windows GroupWise Agents” 


New Post Office Location 


If you move a post office, you need to adjust the link information for that post office. 


1 


NO oo BB © N 


Click Tools > GroupWise Utilities > Link Configuration. 

In the drop-down list, select the domain where a post office has moved. 
Click View > Post Office Links to display post office links. 

Double-click the post office that has been moved. 

Provide its new location in the appropriate format. 

Click OK. 

Click File > Exit > Yes to save the link changes. 

ConsoleOne then notifies the MTA to restart with the new link configuration. 


41.1.8 Adjusting the MTA Logging Level and Other Log 
Settings 


When installing or troubleshooting the MTA, a logging level of Verbose can be useful. However, 
when the MTA is running smoothly, you can set the logging level down to Normal to conserve disk 
space occupied by log files. See Section 42.3, “Using MTA Log Files,” on page 665. 
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41.2 Configuring User Access through the 
Domain 


Although users do not access the domain as they use the GroupWise client, their messages often 
pass through domains while traveling from one post office to another. 


+ Section 41.2.1, “Restricting Message Size between Domains,” on page 628 
+ Section 41.2.2, “Enabling Live Remote,” on page 629 
+ Section 41.2.3, “Securing the Domain with SSL Connections to the MTA,” on page 629 


41.2.1 Restricting Message Size between Domains 


You can configure the MTA to restrict the size of messages that users are permitted to send outside 
the domain. 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provol 
File Edit Search View Window Help 


s Mm nj QI) Km] Foo omen — 























Edit Domain Link 
Description: How Provo1 connects to Provo3 
Link Type: Direct ad 
Settings 
Protocol: TC z 
IP Address: |ibd-Inx.provo.novell.com : 7100 Z Scheduling... 


T Override 


Maximum send message size: 0 4 MBytes: 
Delay message size: 0 $ MBytes 


Transfer Pull Info... | External Link Info... 








3 Inthe Maximum Send Message Size field, specify in megabytes the size of the largest message 
you want users to be able to send outside the post office. 


4 If you want to delay large messages, specify the size in megabytes for message files the MTA 
can process immediately in the Delay Message Size field. 


If a message file exceeds the delay message size, the message file is moved into the low 
priority (6) message queue, where only one MTA thread is allocated to process very large 
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messages. This arrangement allows typical messages to be processed promptly, while delaying 
large messages that exceed the specified size. The result is that large messages do not slow 
down processing of typical messages. 


5 Click OK. 
6 To exitthe Link Configuration Tool and save your changes, click File > Exit > Yes. 
ConsoleOne then notifies the MTA to restart using the new message size limits. 


If a user’s message is not sent out of the domain because of this restriction, the user receives an e- 
mail message providing the following information: 





Delivery disallowed - Transfer limit is nn MB 
However, the message is delivered to recipients in the sender’s own domain. 


There are additional ways to restrict the size of messages that users can send, as described in 
Section 12.3.4, “Restricting the Size of Messages That Users Can Send,” on page 185. 


41.2.2 Enabling Live Remote 


You can configure the MTA to redirect GroupWise Remote client requests to other MTAs and 
POAs. The Group Wise client can establish a client/server connection to an MTA across the Internet, 
eliminating the queuing and polling process used by earlier Remote clients. The result is 
significantly improved performance for Remote client users. 


To configure the MTA to redirect Remote client requests, add the /liveremote, /Irconn and / 
Irwaitdata switches to the MTA startup file. 


You can monitor the live remote connections from the MTA server console. See “Displaying Live 
Remote Status” on page 653. 


As an alternative to live remote connections from outside your firewall, you could set up proxy 
servers for the POAs, so that client users in Remote mode connect to their mailboxes through the 
proxy servers rather than through MTAs. Full SSL security is provided through the proxy servers. 
See Section 36.3.1, “Securing Client/Server Access through a Proxy Server,” on page 496. 


41.2.3 Securing the Domain with SSL Connections to the MTA 


Secure Sockets Layer (SSL) ensures secure communication between the MTA and other programs 
by encrypting the complete communication flow between the programs. For background 
information about SSL and how to set it up on your system, see Chapter 71, “Encryption and 
Certificates,” on page 1121. 


To configure the MTA to use SSL: 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 
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Properties of MTA 


GroupWise v | NDS Rights v | Other | Rights to Files and Folders 
Network Address 





TCPAP Address: libd-nw prova novel.com 





IPXISPX Address: | 


1 Bind Exclusively to TCPAP Address 


Port SSL 
Message Transfer: 7100 + Disabled x | 
HTTP: 7180 $| [Disabiea >] 





Page Options... Cancel | Apply | Help | 








3 To use SSL connections between the MTA and the POAs for its post offices, which provides 
optimum security, select Enabled in the Message Transfer SSL drop-down list. 


The MTA must use a TCP/IP connection to each POA in order to enable SSL for the 
connection. See “Using TCP/IP Links between a Domain and its Post Offices” on page 623. 


Each POA must also have SSL enabled for the connection to be secure. See Section 36.3.3, 
“Securing the Post Office with SSL Connections to the POA,” on page 498. 


4 To use SSL connections between the MTA and the MTA Web console displayed in your Web 
browser, which provides optimum security, select Enabled in the HTTP SSL drop-down list. 


To set up the MTA Web console, see Section 42.2.1, “Setting Up the MTA Web Console,” on 
page 657. 


5 Click Apply to save the settings on the Network Address page. 
6 Click GroupWise > SSL Settings to display the SSL Settings page. 


Properties of MTA 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
SSL Settings 





Certificate file: [ =| 
SSL key file: [=| 
Set Password 


Page Options... Cancel 
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For background information about certificate files and SSL key files, see Chapter 71, 
“Encryption and Certificates,” on page 1121. 


7 Inthe Certificate File field, browse to and select the public certificate file provided to you by 
your CA. 


8 Inthe SSL Key File field: 
8a Browse to and select your private key file. 
8b Click Set Password. 
8c Provide the password that was used to encrypt the private key file when it was created. 
8d Click Set Password. 
9 Click OK to save the SSL settings. 
ConsoleOne then notifies the MTA to restart using the new message size limits. 
Corresponding Startup Switches 


You can also use the /certfile, /keyfile, /keypassword, /httpssl, and /msgtranss| switches in the MTA 
startup file to configure the MTA to use SSL. 


MTA Web Console 
You can list which connections the MTA is using SSL for from the Links page. Click View TCP/IP 
Connections to display the list if TCP/IP links. 


41.3 Configuring Specialized Routing 


As you create each new domain in your GroupWise system, you link it to another domain. You can 
view and modify the links between domains using the Link Configuration Tool. See Chapter 10, 
“Managing the Links between Domains and Post Offices,” on page 137. The following topics help 
you configure the MTA to customize routing through your GroupWise system: 

+ Section 41.3.1, “Using Routing Domains,” on page 631 

+ Section 41.3.2, “Scheduling Direct Domain Links,” on page 633 

+ Section 41.3.3, “Using a Transfer Pull Configuration,” on page 636 


41.3.1 Using Routing Domains 


As an alternative to configuring individual links between individual domains throughout your 
Group Wise system, you can establish a system of one or more routing domains under the following 
circumstances. 


+ Domains must connect to the routing domains with TCP/IP links. 


+ GroupWise 5.5 and later domains can be part of the routing domain system. Domains and 
MTAs that are still at a 5.2 or earlier version cannot participate and must use links as provided 
in the Link Configuration Tool. 


A routing domain can serve as a hub in the following situations: 


+ Messages that are otherwise undeliverable can be automatically sent to a single routing domain. 


This routing domain can be set up to perform DNS lookups and route messages out across the 
Internet. See “Using Dynamic Internet Links” in “Connecting to GroupWise 5.x, 6.x, and 7.x 
Systems” in the GroupWise 7 Multi-System Administration Guide. 
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+ All messages from a domain can be automatically routed through another domain, regardless of 
the final destination of the messages. This provides additional control of message flow through 
your GroupWise system. 


You can set up routing domains on two levels: 


+ “Selecting a System Default Routing Domain” on page 632 


+ “Selecting a Specific Routing Domain for an Individual Domain” on page 633 


Selecting a System Default Routing Domain 


You can establish a single default routing domain for your entire Group Wise system. This provides a 
centralized routing point for all messages. It takes precedence over specific links established when 
domains were created or links modified with the Link Configuration Tool. 


To set up a system default routing domain: 


1 In ConsoleOne, click Tools > GroupWise System Operations > System Preferences > Routing 
to display the Routing tab. 


GroupWise System Preferences 


Nickname Settinas | Admin Lockout Settinas 
Admin Preferences External Access Rights 


Default Routing Domain: 


| 8) Clear 


r 
T MTäs send directly to other GroupWise systems 











| Cancel | Help 








2 Inthe Default Routing Domain field, browse to and select the domain you want to serve as the 
default routing domain for your entire Group Wise system. 


3 If you want all GroupWise messages to pass through the default routing domain regardless of 
the destination of the message, select Force All Messages to This Domain. 


or 


If you want only undeliverable GroupWise messages to be routed to the default routing 
domain, deselect Force All Messages to This Domain. 


If you do not force all messages to the system default routing domain, then you have the option 
of allowing selected MTAs to provide routing domain services in addition to the system default 
routing domain. 


4 Select MTAs Send Directly to Other GroupWise Systems if you want all MTAs in your 
GroupWise system to perform DNS lookups and route messages out across the Internet. 


or 


Deselect MTAs Send Directly to Other GroupWise Systems if you want to individually 
designate which MTAs should perform eDirectory lookups and route messages out across the 
Internet. 


5 Click OK to save the routing options you have specified for the system default routing domain. 
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Selecting a Specific Routing Domain for an Individual Domain 


As long as you are not forcing all messages to the system default routing domain, you can override 
the system default routing information for an individual domain. 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Routing Options to display the Routing Options page. 


Properties of MTA 
GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Routing Options 
Override Default Routing Domain 
| 8 


Defined at: Corporate Mail 





r 
Defined at: Corporate Mail 


T Allow MTA to send directly to other GroupWise systems 
Defined at: Corporate Mail 


Page Options... ok | Cancel | Apply | Help | 








System default routing information displays if it has been set up. See “Selecting a System 
Default Routing Domain” on page 632. 


3 Select Override beside the default information you want to change for the selected domain. 
4 Set the routing options as needed for the selected domain. 
5 Click OK to save the specialized routing information for the selected domain. 
ConsoleOne then notifies the MTA to restart so the routing information can be put into effect. 


MTA Web Console 
You can check routing information on the Configuration page under the General Settings heading. 


41.3.2 Scheduling Direct Domain Links 


When domains link across an expensive medium such as long-distance phone lines, you can reduce 
the cost of the link by controlling when it is open. You can choose to have some types of messages 
wait in the message queues for the lowest phone rate. You can collect messages in the message 
queues until a specified time or size limit is reached, then open the link, rather than opening the link 
for each message as it arrives in the queue. You can design as many link profiles as you need, to 
schedule the transfer of various types of GroupWise messages in the most efficient and cost- 
effective manner. 


To create a schedule for a link between domains: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
2 Inthe drop-down list, select the domain to schedule a link for. 
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3 Click View > Domain Links to display domain links. 


KE GroupWise Link Configuration Tool - K:\gwsystem\provot 
File Edi Search View Window Help 








Indirect Undefined: 


1 Provost (Pravo3) 


‘Direct: pindirect: 
% Prow2 | SI Prowos Prova2) 
% Prowod | 

















4 Double-click the domain you want to create a link schedule for. 
Only direct links can be scheduled. 


KS Edit Domain Link 


Description: How Provo1 connects to Provo3 OK | 
Link Type: [Direct E | 
Hi : Cancel | 
r Settings Help | 
[fe PiP v 


Protocol: 


IP Address: Jibd-inx provo.novell.com : 7100 Scheduling... | 


T Override 


Maximum send message size: 0 4 MBytes: 
Delay message size: 0 4 MBytes 


Transfer Pull Info... External Link Info... 




















5 Click Scheduling. 


Link Schedule 





Sunday 
Monday 
Tuesday 
Wednesday 
Thursday Gado 
Friday 
Saturday 









































Default 


E| Other profiles 
Profiles HH current profiles 











The link schedule grid displays the current schedule for the selected direct link. The grid 
consists of half-hour time slots showing the link profile assigned to each time slot. Available 
link profiles are listed below the link schedule grid. 
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Each link profile defines the following values to set the conditions under which the link opens: 
+ Which message queues to monitor 
+ Maximum wait time for any message in any monitored queue 
+ Maximum number of waiting messages allowed in all monitored queues 
+ Maximum total size of waiting messages allowed in all monitored queues 


The default profile shows as white in the link schedule grid. The default profile is in effect at all 
times when no other profile has been selected. Any other defined profiles show as gray. The 
currently selected link profile shows as green. 


To create a new link profile, click Create. 

or 

To edit an existing link profile, select it in the profile list, then click Edit. 
or 

To edit the default link profile, click Default. 


Create Profile 


Time threshold (minutes) 





Description: 


Queue 0: 0 





Queue 1: 0 


Queue 2: 


Queue 3: 


Queue 4: 





Queue 5: 
Thresholds for queues 0-7 


0 4 Messages Queue 6: 


0 4 KBytes Queue 7: 








Le lel Le lel lel» Le lal ja 








If you are creating a new link profile, provide a unique name for the link profile in the Name 
field. 


If you are editing an existing link profile, you cannot change the name. 


In the Description field, provide whatever additional information is necessary to describe the 
purpose of the link profile. 


Use the scroll bar in the Time Threshold box to select which queues to monitor and process 
when this link profile is in effect. 


Queue Purpose 

0 Busy Search requests 

1 Requests from GroupWise Remote users 

High priority user messages; administrative messages 
High priority status messages 

Normal priority user messages 


Normal priority status messages 
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Low priority user messages 
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Queue Purpose 


7 Low priority status messages 


The contents of deselected queues are not monitored but are processed when the link opens. 


10 For each selected queue, specify the maximum number of minutes a message must wait in each 
queue before the link opens. 


If you want the link to open immediately when a message arrives in the queue, specify 0 (zero). 


11 Inthe Messages field, specify the total number of messages waiting in all selected queues that 
will trigger the link to open. 


12 Inthe KBytes field, specify the total size in kilobytes of all messages waiting in all selected 
queues that will trigger the link to open. 


13 Click OK to save the link profile and return to the Link Scheduling dialog box. 
14 Select the new or modified link profile in the profile list. 
15 Click a time slot or drag to select a range of time slots. 
Time slots assigned to the selected link profile display as green. 
16 Select all the time slots you want governed by the selected link profile. 
17 Select a different link profile to assign to time slots. 
or 
Create or edit another link profile. 
or 
Click OK to save the schedule for the current link. 
18 When the schedule is saved, click OK to close the Edit Domain Link dialog box. 
19 To exit the Link Configuration Tool, click File > Exit > Yes. 
ConsoleOne then notifies the MTA to restart using the new link schedule. 


41.3.3 Using a Transfer Pull Configuration 


Typically for a mapped or UNC link, the MTA for the sending domain writes (or “pushes”) message 
files into the input queue subdirectories of the receiving domain. However, it is possible to change 
this configuration so the MTA for the receiving domain picks up (or “pulls”) message files from the 
sending domain. 


The transfer pull directory is a location in the sending domain where the MTA for the receiving 
domain can pick up message files (that is, “pull” them from the sending domain). It represents the 
only configuration where an MTA processes messages outside its own domain directory structure. 





NOTE: The transfer pull configuration does not apply to the Linux MTA because the Linux MTA 
does not use mapped or UNC links. 





To set up a transfer pull configuration between domains: 


1 Manually create a transfer directory with input queue subdirectories from which outgoing 
message files are pulled. 
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The transfer directory must contain a wocsin subdirectory, with standard priority 0 through 7 
subdirectories beneath. The transfer directory must be placed where both the sending and 
receiving MTAs have rights. 

In ConsoleOne, modify the outgoing link from the sending domain so the MTA for the sending 
domain writes message files to the transfer directory, rather than directly to the receiving 
domain. See “Modifying the Outgoing Transfer Pull Link” on page 637. 

In ConsoleOne, modify the incoming link to the receiving domain so the MTA for the receiving 
domain actively pulls message files from the transfer directory, rather than waiting for them to 
be delivered. See “Modifying the Incoming Transfer Pull Link” on page 637. 


Stop and restart the MTAs for both domains. 


Modifying the Outgoing Transfer Pull Link 


1 
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In ConsoleOne, connect to the sending domain: 

1a Click Tools > GroupWise System Operations > Select Domain. 

1b Browse to and select the domain database (wpdomain. db) in the sending domain. 

1c Click Open. 

1d Click OK. 

Click Tools > GroupWise Utilities > Link Configuration. 

In the drop-down list, select the sending domain. 

Click View > Domain Links to view outbound and inbound links for the sending domain. 

In the Outbound Links from sending_domain_name list box, double-click the receiving domain. 
If you are using a UNC path, click Override to display the Path field. 


In the Path or UNC Override field (depending on the selected protocol), specify the full path to 
the transfer directory you created. 

You can use a UNC path for the NetWare and Windows MTA; you can use a mapped drive path 
for the Windows MTA only. 


Click OK. 


9 Click File > Exit > Yes to save the link changes for the sending domain and return to the main 


10 


ConsoleOne window. 
Continue with “Modifying the Incoming Transfer Pull Link” on page 637. 


Modifying the Incoming Transfer Pull Link 


1 
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In ConsoleOne, connect to the receiving domain: 
1a Click Tools > GroupWise System Operations > Select Domain 
1b Browse to and select the domain database (wpdomain. db) in the receiving domain. 
1c Click Open. 
1d Click OK. 
Click Tools > GroupWise Utilities > Link Configuration. 
In the drop-down list, select the receiving domain. 
Click View Domain Links to view outbound and inbound links for the receiving domain. 


In the Outbound Links from receiving_domain_name list box, double-click the sending domain. 
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6 Verify that the information displayed in the Edit Domain Link dialog box is correct. 
7 Click Transfer Pull Info. 
8 Specify the full path to the transfer directory you created. 


You can use a UNC path for the NetWare and Windows MTA; you can use a mapped drive path 
for the Windows MTA only. 


9 Specify the number of seconds after which the MTA checks the transfer directory for message 
files to pull. 


10 Specify the command needed to reestablish the connection with the transfer directory, if that 
connection should be broken for any reason. 


11 Click OK until you return to the Link Configuration dialog box. 


12 Click File > Exit > Yes to save the link changes for the receiving domain and return to the main 
ConsoleOne window. 


13 Stop and restart the MTAs for both domains. 


41.4 Configuring Domain Maintenance 


You can configure the MTA to synchronize user information in the GroupWise Address Book with 
user information in eDirectory. You can also configure it to gather information about all messages 
that pass through the domain for tracking purposes. 

+ Section 41.4.1, “Using eDirectory User Synchronization,” on page 638 

+ Section 41.4.2, “Enabling MTA Message Logging,” on page 643 


41.4.1 Using eDirectory User Synchronization 


As long as GroupWise administration is performed with the GroupWise Administrator snap-in to 
ConsoleOne running, user information is automatically synchronized between GroupWise and 
eDirectory. However, four situations can cause this automatic synchronization to be insufficient: 


+ An administrator modifies user information in ConsoleOne without having the GroupWise 
Administrator snap-in running. 


¢ The user information was changed using NetWare® Administrator without the Group Wise 
Administrator snap-in running. 


+ The user information was changed using Novell iManager. 
+ The user information was changed using Novell eGuide and the GroupWise Identity Manager 


driver is not in use 


In these situations, user information in eDirectory no longer matches corresponding user 
information in GroupWise. (User objects are the only GroupWise objects that can be modified 
without the GroupWise Administrator snap-in running. Modification of all other Group Wise objects 
requires the presence of the GroupWise Administrator snap-in.) 


This section covers the following aspects of eDirectory user synchronization: 


+ “Enabling eDirectory User Synchronization” on page 639 
+ “Assigning an eDirectory-Enabled MTA to Synchronize Other Domains” on page 641 
+ “Scheduling eDirectory User Synchronization” on page 642 
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Enabling eDirectory User Synchronization 


By default, eDirectory user synchronization is disabled. The MTA still performs all its other 
functions, but any changes made to user information in eDirectory without the GroupWise 


Administrator snap-in running will not appear in Group Wise until eDirectory user synchronization 


has been performed. 


Although all MTAs can be enabled to perform eDirectory user synchronization, the minimum 
requirement is that at least one MTA be configured that way. If your GroupWise system spans 
multiple trees, at least one MTA in each tree must be configured to perform eDirectory user 
synchronization. The MTA server should have a local eDirectory replica for the MTA to access. 


1 In ConsoleOne, click Tools > GroupWise System Operations > eDirectory User 
Synchronization to display the eDirectory User Synchronization Configuration dialog box. 


KA eDirectory User Synchronization Configuration 


Domains: 





Domain 





OK 


Synchronized By Status 
Cancel 
Provo2 MTA.Provo2.GroupWise Disabled Help 
Provo3 MTA Provo3 GroupWWise Disabled 


Provod MTA Provod GroupWise Disabled 


Change Assignment... 





The eDirectory User Synchronization Configuration dialog box lists all domains in your 


GroupWise system, the MTA currently assigned to provide eDirectory user synchronization for 


each domain, and the current status of that agent’s ability to perform eDirectory user 


synchronization. 


2 Click Configure Agents. 


= Configure Agents 


For an agentto be able to perform eDirectory user synchronization, it must both be 
enabled and be able to access eDirectory. Select an agent and use the buttons below 


to change these settings. 


Agents: 


Cancel 





Agent 








MTA Provo1 .GroupVVise 
MTA .Provo2.GroupVise 
MTA. Provo3.GroupWise 
MTA Provo4.GroupWise 


[anssen | 





State eDirectory Access | 
Enabled Dowe | 
Disabled Help 
Disabled 


Disabled 


Sets the necessary properties and rights to allow the 
selected agents to authenticate to eDirectory. If an 
agentis reporting that it cannot access eDirectory, you 
should run Set Up eDirectory Access and restart the 
agent. 


Only domains with NetWare MTAs or Linux MTAs should be listed, because eDirectory user 
synchronization is not supported by the Windows MTA. 


If domains on Windows servers are listed: 


2a Cancel out of the eDirectory user synchronization dialog boxes. 
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2b Browse to and right-click a misconfigured MTA, then click Properties. 
2c Inthe Platform field, select the platform where the MTA is running. 
2d Click OK to save the correct platform information. 


2e Return to Tools > GroupWise System Operations > eDirectory User Configuration > 
Configure Agents. 


3 Select the NetWare MTA that you want to perform eDirectory user synchronization. 
4 Ifthe eDirectory Access column for that NetWare displays Yes, click Enable. 
or 
If the eDirectory Access column for that NetWare MTA displays No: 
4a Click Set Up eDirectory Access. 
4b Browse to and select the NetWare server where the MTA runs. 
4c Click OK. 


The eDirectory Access column for that NetWare MTA should now display Yes so that you 
can enable it. 


Select a Linux MTA that you want to perform eDirectory user synchronization. 


oa 


If the eDirectory Access column for that Linux MTA displays Yes, click Enable. 


o 


or 
If the eDirectory Access column for that Linux MTA displays No: 
Ga Click Set Up eDirectory Access. 


6b In the Available LDAP Servers list, select the LDAP server that you want the MTA to log 
into in order to gain access to eDirectory, then click Set Preferred. 


6c Inthe LDAP User Name field, browse to and select the user that the MTA can use to log in 
as. 
The selected user must have rights to browse properties of User objects. 


Click Set Password, provide the password associated with the user selected above, then 
click Set Password. 


6d Click OK to save the LDAP information. 


The eDirectory Access column for that Linux MTA should now display Yes so that you can 
enable it. 


7 If your GroupWise system spans multiple trees, repeat Step 3 through Step 6 as needed to 
enable eDirectory user synchronization for at least one MTA in each tree. 


8 Click OK to return to the eDirectory User Synchronization Configuration dialog box. 


Each domain for which you have configured the MTA for eDirectory user synchronization 
should now display Enabled in the Status column. 
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eDirectory User Synchronization Configuration 


Domains: 








Provo1 MTA Provo1 GroupWise Enabled Cancel 
Provo2 MTA Provo2.GroupWise Disabled Help 
Provo3 MTA Provo3.GroupWise Disabled 


Provo4 MTA Provo4 GroupWise Disabled 


OK 
Domain Synchronized By Status | 








9 Ifall domains are now enabled, click OK to return to main ConsoleOne window, then continue 
with “Scheduling eDirectory User Synchronization” on page 642. 


or 


If some domains are still disabled, continue with “Assigning an eDirectory-Enabled MTA to 
Synchronize Other Domains” on page 641. 


Assigning an eDirectory-Enabled MTA to Synchronize Other Domains 


After at least one MTA is performing eDirectory user synchronization, other MTAs not performing 
eDirectory user synchronization themselves can have an eDirectory-enabled MTA gather the 
eDirectory information for them. 


In the eDirectory User Synchronization Configuration dialog box, 


1 Click a domain that still displays Disabled in the Status column. 


eDirectory User Synchronization Configuration 


OK 
Domain Synchronized By Status | 
Provo1 MTA Provo1 .GroupWise Enabled Cancel 


Provo2 MTA.Provo2.GroupWise Disabled 


R Help 
Provo3 MTA Provo3 GroupWise Disabled 


Provod MTA Provod GroupWise Disabled 


Domains: 














2 Select an agent, then click Change Assignment. 
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KS select Synchronization Agent 


Available Agents: 
Agent State eDirectory Access 
MTA .Provol GroupWise Enabled Yes 











Note: This list contains only those agents that are currently able to perform 
eDirectory user synchronization. 





3 Select the MTA you want to perform eDirectory user synchronization for the selected domain, 
then click OK. 


The domain should now display Enabled in the Status column of the eDirectory User 
Synchronization Configuration dialog box. 


4 Repeat Step | through Step 3 until all domains in your GroupWise system are enabled for 
eDirectory user synchronization. 


5 Click OK to return to the main ConsoleOne window. 


Scheduling eDirectory User Synchronization 


After eDirectory user synchronization is enabled, you can perform eDirectory user synchronization 
at any time from the NetWare MTA server console. See “Performing eDirectory User 
Synchronization” on page 655. In addition, you must create one or more eDirectory user 
synchronization events to cause eDirectory user synchronization to be performed on a regular basis. 


To schedule an eDirectory user synchronization event: 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Scheduled Events to display the Scheduled Events page. 


Properties of MTA 
NDS Rights v | Other | Rights to Files and Folders 


Scheduled events used by this agent: 
IV Default NDS User Synchronization Event 











Page Options... | 








The Scheduled Events page lists a pool of MTA events available to all MTAs in your 
GroupWise system if any events have already been created. 
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3 Select an existing eDirectory user synchronization event, then click Edit. 
or 


Click Create, then type a name for the event. 


Create Scheduled Event 





Name: 








Event Type: eDirectory User Synchronization 


Trigger 








(° Weekday Weekday: [Sunday 





C Daily Time: [12:00 PM 


Cancel Help 





4 Set Type to eDirectory User Synchronization. 


5 Inthe Trigger box, specify when you want the eDirectory user synchronization event to take 
place. 


You can have the synchronization event take place once a week, once a day, or at any other 
regular interval, at whatever time you choose. 


6 Specify the time of day when you want eDirectory user synchronization to take place. 


7 Click OK twice to close the scheduled event dialog boxes and save the eDirectory user 
synchronization event. 


ConsoleOne then notifies the MTA to restart so the eDirectory user synchronization event can 
be put into effect. 


41.4.2 Enabling MTA Message Logging 


Message logging is turned off by default, because it causes the MTA to use additional CPU and disk 
resources. However, gathering information about message traffic on your Group Wise system lets 
you perform many valuable tasks, including: 

* Tracking messages 

¢ Gathering statistics to help optimize your GroupWise system 

¢ Billing customers for messages delivered 

+ Tracking messages from the MTA Web console and from GroupWise Monitor 
When you enable MTA message logging, the MTA stores data about GroupWise message traffic as 
it processes messages. The stored data is then available for use by the MTA Web console Message 
Tracking feature and by the GroupWise Monitor Message Tracking Report option. In addition, third- 


party programs can produce customized billing, tracking, and statistical reports based on the 
information stored in the database. 


To enable MTA message logging: 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Message Log Settings. 
3 Inthe Message Logging field, select a logging level to turn message logging on. 


4 Inthe Message Log Path field, specify the full path of the file where the MTA will record the 
logging information. 
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5 Inthe Delete Reports After field, specify the number of days to retain reports on disk. Reports 
are automatically deleted after the specified time has passed. 





NOTE: Other fields appearing on the Message Log Settings property page of the MTA object 
in ConsoleOne were valid in earlier versions of GroupWise, but are not supported by the 
GroupWise 7 MTA. 





6 Click OK to save the MTA message log settings. 
ConsoleOne then notifies the MTA to restart so the new settings can be put into effect. 
Corresponding Startup Switches 


You can also use the /messagelogsettings, /messagelogpath, /messagelogdays, and / 
messagelogmaxsize switches in the MTA startup file to configure MTA message logging. 


MTA Web Console 
For instructions on tracking messages after message logging is enabled, see Section , “Tracking 
Messages,” on page 663 and Section 61.3.7, “Message Tracking Report,” on page 1010. 


644 GroupWise 7 Administration Guide 


Monitoring the MTA 


By monitoring the MTA, you can determine whether or not its current configuration is meeting the 
needs of your GroupWise” system. You have a variety of resources to help you monitor the 
operation of the MTA: 

+ Section 42.1, “Using the MTA Server Console,” on page 645 

+ Section 42.2, “Using the MTA Web Console,” on page 657 

+ Section 42.3, “Using MTA Log Files,” on page 665 

+ Section 42.4, “Using GroupWise Monitor,” on page 666 

+ Section 42.5, “Using Novell Remote Manager,” on page 667 

+ Section 42.6, “Using an SNMP Management Console,” on page 667 

¢ Section 42.7, “Notifying the Domain Administrator,” on page 671 





+ Section 42.8, “Using the MTA Error Message Documentation,” on page 672 

+ Section 42.9, “Employing MTA Troubleshooting Techniques,” on page 672 

+ Section 42.10, “Using Platform-Specific MTA Monitoring Tools,” on page 673 
+ Section 42.11, “Using MTA Message Logging,” on page 673 


42.1 Using the MTA Server Console 


The following topics help you monitor and control the MTA from the MTA server console: 


+ Section 42.1.1, “Monitoring the MTA from the MTA Server Console,” on page 645 
+ Section 42.1.2, “Controlling the MTA from the MTA Server Console,” on page 648 


42.1.1 Monitoring the MTA from the MTA Server Console 


The MTA server console provides information, status, and message statistics about the MTA to help 
you assess its current functioning. 


Figure 42-1 MTA Server Console 














-iix 
File Configuration Log Help 
Provo2 Up Time: 0 Days 21Hrs 53 Mins 
GroupWise Message Transfer Agent 
r Status r Statistics = 
Processing n Total 10 Minutes 
Total Closed Routed 37 
| Domains 4 0 Undeliverable 0 0 
Post Offices 2 0 Errors 0 0 
| Gateways 6 1 








01-22 16:56:39 GWMTA: Unable to register with SNMP agent. SNMP for this agent disabled. a] 


01-22 16:56:41 DIS: MTA configuration loaded 
01-23 10:37:16 DIS: MTA restait in progress 
01-23 10:37:25 DIS: MTA restart completed 
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NetWare: The MTA server console always displays on the NetWare server console. 


Linux: You must use the --show startup switch in order to display the Linux MTA server console. 
See “Starting the Linux Agents with a User Interface” in “Installing GroupWise Agents” in 
the GroupWise 7 Installation Guide. 


Windows: You can suppress the Windows MTA server console by running the Windows MTA as a 
service. See “Starting the Windows GroupWise Agents” in “Installing GroupWise Agents” 
in the GroupWise 7 Installation Guide. 


The MTA server console consists of several components: 


+ “MTA Information Box” on page 646 

+ “MTA Status Box” on page 646 

+ “MTA Statistics Box” on page 647 

+ “MTA Alert Box” on page 647 

+ “MTA Admin Thread Status Box” on page 648 





Do not exit the MTA server console unless you want to stop the MTA. 


NetWare: At a NetWare® server console, you can use Alt+Esc to change screens. In a remote 
console window, you can use Alt+F1 to select a screen to view. Use these keystrokes to 
change screens without stopping the MTA. You can use these keystrokes to display the 
MTA server console if it is not immediately visible on the NetWare console. 


Linux: You can minimize the MTA server console, but do not close it unless you want to stop the 
MTA. 
Windows: You can minimize the MTA server console window, but do not close it unless you want to 


stop the MTA. 


MTA Information Box 


The MTA Information box identifies the MTA whose MTA server console you are viewing, which is 
especially helpful when multiple MTAs are running on the same server. 


Domain: Displays the name of the domain serviced by this MTA. 


Description: Displays the description provided in the Description field in the MTA Information 
page in ConsoleOne®. If multiple administrators work at the server where the MTA runs, the 
description can include a note about who to contact before stopping the MTA. 


Up Time: Displays the length of time the MTA has been running. 


MTA Web Console 
The Status page also displays this information. 


MTA Status Box 
The MTA Status box displays the current status of the MTA and its backlog. 


Processing: Displays a rotating bar when the MTA is running. If the bar is not rotating, the MTA 
has stopped. For assistance, see “Message Transfer Agent Problems” in GroupWise 7 
Troubleshooting 2: Solutions to Common Problems. 
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Domains: Displays the total number of domains the MTA links to and the number that are currently 
closed. 


Post Offices: Displays the total number of post offices in the domain and the number that are 
currently closed. 


Gateways: Displays the total number of gateways in the domain and the number that are currently 
closed. 


If you have closed domains, post offices, or gateways, see “MTA Status Box Shows a Closed 
Location” in “Message Transfer Agent Problems” in GroupWise 7 Troubleshooting 2: Solutions to 
Common Problems for assistance. 


MTA Web Console 
The Status page also displays this information. In addition, you can display detailed information 
about specific queue contents. 


MTA Statistics Box 


The MTA Statistics box displays the total statistics for the current up time, and 10-minute statistics 
for all messages the MTA has routed. 


Routed: Displays the number of messages successfully routed to the domains, post offices, and 
gateways serviced by the MTA. 


Undeliverable: Displays the number of messages that could not be delivered to a domain, post 
office, or gateway. For assistance, see “MTA Statistics Box Shows Undeliverable Messages” in 
“Message Transfer Agent Problems” in GroupWise 7 Troubleshooting 2: Solutions to Common 

Problems. 


Errors: Displays the number of errors the MTA encounters while processing messages in its input 
queues. For assistance, see “MTA Statistics Box Shows Errors” n “Message Transfer Agent 
Problems” in GroupWise 7 Troubleshooting 2: Solutions to Common Problems. 


MTA Web Console 
The Status page also displays this information. 


MTA Alert Box 


The MTA Alert box displays important messages that could require an administrator’s attention. 


Informational Status Messages 


When you first start the MTA, you typically see a message informing you the MTA configuration 
has been loaded. 


Error Messages 


If the MTA encounters a problem that disrupts the flow of GroupWise messages, it displays an error 
message in the alert box. For assistance, see “Message Transfer Agent Error Messages” in 
GroupWise 7 Troubleshooting 1: Error Messages. 


MTA Web Console 
The Status page also displays this information. In addition, you can view and search MTA log files 
on the Log Files page. 
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MTA Admin Thread Status Box 


The MTA admin thread updates the domain database (wpdomain.db) when domains, post offices, 
users, and other types of object information are added, modified, or removed, and repairs it when 
damage is detected. 


To display the MTA Admin Thread Status box from the MTA server console, click 
Configuration > Admin Status. 


NetWare Note: Use Options (F10) > Admin Status. 


Figure 42-2 Admin Status Dialog Box 


Provo2 Admin Status xj 

r Admin Messages 
Completed: 
Errors: 





0 
0 
In Queue: 0 
Send Admin Mail E 





r Admin Database 
Status: Normal 

DB Sort Language: US 
Recovery Count: 0 
Automatic Recovery Vv 


Perform DB Recovery 


p Admin Thread 
Status: Running 


Suspend Resume 
Cancel Help 








The following tasks pertain specifically to the MTA admin thread: 


+ “Suspending/Resuming the MTA Admin Thread” on page 651 
+ “Displaying MTA Admin Thread Status” on page 653 
+ “Recovering the Domain Database Automatically or Immediately” on page 654 
¢ “Performing eDirectory User Synchronization” on page 655 
MTA Web Console 
You can display MTA admin thread status on the Configuration page. Under the General Settings 


heading, click Admin Task Processing. You can also change the admin settings for the current MTA 
session. 


42.1.2 Controlling the MTA from the MTA Server Console 


You can perform the following tasks to monitor and control the MTA from the MTA server console 
at the server where the MTA is running: 

+ “Stopping the MTA” on page 649 

+ “Restarting the MTA” on page 650 

+ “Suspending/Resuming MTA Processing for a Location” on page 650 

+ “Suspending/Resuming the MTA Admin Thread” on page 651 

+ “Displaying the MTA Software Date” on page 651 

+ “Displaying the Current MTA Settings” on page 652 

+ “Displaying MTA Status Information” on page 652 
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+ “Displaying Live Remote Status” on page 653 

+ “Displaying MTA Admin Thread Status” on page 653 

+ “Recovering the Domain Database Automatically or Immediately” on page 654 
+ “Performing eDirectory User Synchronization” on page 655 

+ “Browsing the Current MTA Log File” on page 655 

+ “Viewing a Selected MTA Log File” on page 656 

+ “Cycling the MTA Log File” on page 656 

+ “Adjusting MTA Log Settings” on page 656 

+ “Editing the MTA Startup File” on page 656 

+ “Accessing Online Help for the MTA” on page 657 


Stopping the MTA 

You might need to stop and restart the MTA for the following reasons: 
+ Updating the agent software 
+ Troubleshooting message flow problems 


+ Backing up the domain database 


+ Rebuilding the domain database 
To stop the MTA from the MTA server console: 


1 Click File > Exit > Yes to stop the MTA. 


NetWare: Use Exit (F7). If the MTA does not respond to Exit, you can use the unload 
command to stop the MTA. However, this might not allow the MTA to shut down 
gracefully. In addition, the unload command stops all MTAs running on the server. 


Linux: If the Linux MTA does not respond to Exit, you can kill the MTA process, as 
described below, but include the -9 option. 


Windows: If the Windows MTA does not respond to Exit, you can close the MTA server 
console to stop the MTA or use the Task Manager to terminate the MTA task. 


2 Restart the MTA, as described in the following sections in the GroupWise 7 Installation Guide: 
+ “Starting the NetWare GroupWise Agents” 
+ “Starting the Linux GroupWise Agents as Daemons” 


+ “Starting the Windows GroupWise Agents” 


Stopping the Linux MTA When It Is Running as a Daemon 


To stop the Linux MTA when it is running in the background as a daemon and you started it using 
the grpwise script: 

1 Make sure you are logged in as root. 

2 Change to the /etc/init.d directory. 


3 Enter the following command: 
./grpwise stop 
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4 Use the following command to verify that the MTA has stopped. 
./grpwise status 
To stop the Linux MTA when it is running in the background as a daemon and you started it 
manually (not using the grpwise script): 
1 Make sure you are logged in as root. 
2 Determine the process IDs (PIDs) of the MTA: 
ps -eaf | grep gwmta 
The PIDs for all gwmta processes are listed. 
You can also obtain this information from the Environment page of the MTA Web console. 
3 Kill the first MTA process listed: 


Syntax: 
kill PID 





Example: 
kill 1483 











It might take a few seconds for all MTA processes to terminate. 
4 Use the ps command to verify that the MTA has stopped. 
ps -eaf | grep gwmta 


Restarting the MTA 


Restarting the MTA from the MTA server console causes it to reread the configuration information 
provided in ConsoleOne. However, the MTA does not reread its startup file when you restart it from 
the MTA server console. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click File > Restart > Yes to restart the MTA. 
NetWare Note: Use Restart (F6). 


If you want the MTA to reread its startup file, you must stop it, then restart it. 


MTA Web Console 
You can restart the MTA from the Status page. Click Restart MTA in the upper right corner of the 


page. 
Suspending/Resuming MTA Processing for a Location 


You can cause the MTA to stop processing messages for a location without stopping the MTA 
completely. For example, you could suspend message processing for a post office while backing up 
the post office. 


To suspend the MTA for a location: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Status. 


3 Click the location (or multiple locations) to suspend, then click Suspend. 
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NetWare Note: Use Options (F10) > Configuration Status. Select the location, then click 
Suspend. 


Routing of all messages to and from the location remains suspended until you resume processing. 
To resume the MTA for a location: 

1 At the server where the MTA is running, display the MTA server console. 

2 Click Configuration > Status. 


3 Click the location (or multiple locations) to resume, then click Resume. 


NetWare Note: Use Options (F10) > Configuration Status. Select the location, then click 
Resume. 


MTA Web Console 
You can suspend and resume processing for a specific location on the Links page. Select one or 
more locations, then click Suspend or Resume as needed. 


Suspending/Resuming the MTA Admin Thread 


You can cause the MTA to stop updating the domain database (wpdomain. db) without stopping 
the MTA completely. For example, you could suspend the MTA admin thread while backing up the 
domain database. 


To suspend the MTA admin thread: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status > Suspend. 
NetWare Note: Use Options > Admin Status > Suspend. 


The MTA admin thread no longer accesses the domain database until you resume processing. 
To resume the MTA admin thread: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status > Resume. 
NetWare Note: Use Options (F10) > Admin Status > Resume. 
MTA Web Console 


You can suspend and resume the MTA admin thread from the Configuration page. Under the 
General Settings heading, click Admin Task Processing > Suspend or Resume > Submit. 


Displaying the MTA Software Date 


It is important to keep the MTA software up-to-date. You can display the date of the MTA software 
from the MTA server console. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Help > About MTA. 


NetWare Note: To check the date of the MTA NLM™, you can list the gwmta .n 1m file in the agent 
installation directory (typically, the sys: \system directory) or use the modules 
gwmta .n1m command at the server console prompt. 
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MTA Web Console 
You also check the MTA software date on the Environment page. 


Displaying the Current MTA Settings 
You can list the current configuration settings of the MTA at the MTA server console. 
To display the current MTA settings: 


1 At the server where the MTA is running, display the MTA server console. 

2 Click Configuration > Agent Settings. 
NetWare Note: Use View Log File (F9) to check the MTA settings recorded at the top of the log 
file. 


For information about the MTA settings, see Chapter 44, “Using MTA Startup Switches,” on 
page 683. 


MTA Web Console 
You check the current MTA settings on the Configuration page. 


Displaying MTA Status Information 


The MTA server console displays essential information about the functioning of the MTA. More 
detailed information is also available. 


To display detailed MTA configuration information: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Status to display a list of the locations to which the MTA is connected. 
NetWare Note: Use Options (F10) > Configuration Status. 
The following information is provided: 
Location Name: Displays the name of the location serviced by the MTA. 
Location Type: Indicates whether the location is a domain, post office, or gateway. 


Connection Status: Indicates whether the MTA has been successful in locating and opening 
the database in the location. 


+ Open: The MTA can access the database or communicate with the agent at the location. 


+ Closed: The MTA cannot access the database or communicate with the agent at the 
location. For assistance, see “MTA Configuration Status Isn't Open” in “Message Transfer 
Agent Problems” in GroupWise 7 Troubleshooting 2: Solutions to Common Problems. 


+ Suspended: The MTA is not processing messages for the location because it has been 
suspended. See Section , “Suspending/Resuming MTA Processing for a Location,” on 
page 650. 


+ Open Pending: Post offices in the domain are in the process of opening and the MTA is 
clearing its holding queues. After this is accomplished, the MTA begins processing current 
messages and the status changes to Open. 


Home: Displays the full path to the database that the MTA services in the listed location. For a 
TCP/IP connection, it displays the IP address of the server that the MTA connects to in order to 
service the database. 
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3 Select a location, then click Details to display the above information plus the following 
additional details: 


Hold: Displays the full path to the location of the ms local directory structure used by the 
MTA to hold messages for closed locations. 


Pull: Displays the transfer pull directory, if any. See Section 41.3.3, “Using a Transfer Pull 
Configuration,” on page 636. 


Version: Provides the version (6.x/5.x/4.x) of the database at the location. 


Last Closed/Opened: Provides the date and time when the location was last closed and 
opened. 


Last Closure Reason: Indicates why a closed location is closed. To look up last closure 
reasons, see “Message Transfer Agent Error Messages” in GroupWise 7 Troubleshooting 1: 
Error Messages. 


Messages Written/Read: Provides statistics about throughput since the MTA was last started. 


Applications: Displays the programs the MTA can deliver messages to. Depending on the 
configuration of your GroupWise system, you might see GroupWise agents or GroupWise 4.1 
servers listed. 


TCP/IP: Lists the IP port the MTA listens on. 
MTA Web Console 


You can check the current MTA status on the Links page at the MTA Web console. Click a direct 
link to view its message queues. 


Displaying Live Remote Status 


You can monitor the live remote connections the MTA is servicing for Remote client users. For 
information about live remote processing, see Section 41.2.2, “Enabling Live Remote,” on 
page 629. 
1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Live Remote Status. 
NetWare Note: Use Options (F10) > Live Remote Status. 


The status information lists the GroupWise Remote client users who are connected to the MTA, 
along with the post offices and domains the MTA communicates with. 


Displaying MTA Admin Thread Status 


Status information for the MTA admin thread is displayed in a separate dialog box, rather than on 
the main MTA server console. 


To display MTA admin thread status information: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status. 

NetWare Note: Use Options (F10) > Admin Status. 

The following status information is displayed: 


Admin Message Box 
The Admin Message box provides the following information about the workload of the MTA 
admin thread: 
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Completed: Number of administrative message successfully processed. 
Errors: Number of administrative messages not processed because of errors. 
In Queue: Number of administrative messages waiting in the queue to be processed. 


Send Admin Mail: Select this option to send a message to the administrator whenever a 
critical error occurs. See Section 42.7, “Notifying the Domain Administrator,” on page 671. 


Admin Database Box 
The Admin Database box provides the following information about the domain database: 


Status: Displays one of the following statuses: 
+ Normal: The MTA admin thread is able to access the domain database normally. 
+ Recovering: The MTA admin thread is recovering the domain database. 


+ DB Error: The MTA admin thread has detected a critical database error. The domain 
database (wpdomain. db) cannot be recovered. Rebuild the domain database in 
ConsoleOne. See Section 26.3, “Rebuilding Domain or Post Office Databases,” on 
page 381. 


The MTA admin thread does not process any more administrative messages until the 
database status has returned to Normal. 


+ Unknown: The MTA admin thread cannot determine the status of the domain database. 
Exit the MTA, then restart it, checking for errors on startup. 


DB Sort Language: Displays the language code for the language that determines the sort 
order of lists displayed in ConsoleOne and the GroupWise system Address Book. 


Recovery Count: Displays the number of recoveries performed on the domain database for 
the current MTA session. 


Admin Thread Box 
The Admin Thread box provides the following information about the MTA admin thread: 


Status: Displays one of the following statuses: 
+ Running: The MTA admin thread is active. 
+ Suspended: The MTA admin thread is not processing administrative messages. 
¢ Starting: The MTA admin thread is initializing. 
¢ Terminated: The MTA admin thread is not running. 
MTA Web Console 


You can display MTA admin thread status from the Configuration page. Under the General Settings 
heading, click Admin Task Processing. 


Recovering the Domain Database Automatically or Immediately 


The MTA admin thread can recover the domain database (wodomain.db) when it detects a 
problem. 


To enable/disable automatic domain database recovery: 


1 At the server where the MTA is running, display the MTA server console. 


2 Click Configuration > Admin Status > Automatic Recovery to toggle this feature on or off for 
the current MTA session. 
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NetWare Note: Use Options (F10) > Admin Status > Automatic Recovery. 
To recover the domain database immediately: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status > Perform DB Recovery. 
NetWare Note: Use Options (F10) > Admin Status > Perform DB Recovery. 


For additional database repair procedures, see Chapter 26, “Maintaining Domain and Post Office 
Databases,” on page 377. 


MTA Web Console 

You can recover the post office database from the Configuration page. Under the General Settings 
heading, click Admin Task Processing. Select Automatic Recovery or Perform DB Recovery as 
needed. 


Performing eDirectory User Synchronization 


You can configure the MTA to perform Novell® eDirectory™ user synchronization at regular 
intervals. See Section 41.4.1, “Using eDirectory User Synchronization,” on page 638. You can also 
force eDirectory user synchronization to start immediately from the NetWare MTA server console. 


To start eDirectory user synchronization manually: 


1 At the server where the NetWare MTA is running, display the MTA server console. 
2 Press F4. 
MTA Web Console 


You can see when the next eDirectory user synchronization even will occur at the bottom of the 
Configuration page. 


Browsing the Current MTA Log File 


The MTA displays only the most urgent messages in the alert box. Additional information is written 
to the MTA log file. The amount of information depends on the current log settings for the MTA. 
See Section 42.3, “Using MTA Log Files,” on page 665. 


The information automatically scrolls up the screen as additional information is written. You can 
stop the automatic scrolling so you can manually scroll back through earlier information. 


To browse the current MTA log file and control scrolling: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Log > Active Log. 
NetWare Note: Use View Log File (F9). 


3 Deselect Automatic Scrolling to manually scroll back through parts of the log that have already 
scrolled out of the box. 


4 Click Freeze to stop the MTA from logging information to the active log box. 


5 Click Thaw when you want the MTA to resume logging information to the active log box. 


For explanations of messages in the MTA log file, see “Message Transfer Agent Error Messages” in 
Group Wise 7 Troubleshooting 1: Error Messages. 
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MTA Web Console 
You can browse and search MTA log files on the Log Files page. 


Viewing a Selected MTA Log File 


Reviewing log files is an important way to monitor the functioning of the MTA. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Log > View Log Files. 
3 Select a log file, then click View. 

NetWare Note: Use Options (F10) > View Log Files. 


For explanations of messages in the MTA log file, see “Message Transfer Agent Error Messages” in 
Group Wise 7 Troubleshooting 1: Error Messages. 


MTA Web Console 

You can view and search MTA log files on the Log Files page. 
Cycling the MTA Log File 

You can have the MTA start a new log file as needed. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Log > Cycle Log. 
NetWare Note: Use Options (F10) > Cycle Log File. 


Adjusting MTA Log Settings 


Default log settings are established when you start the MTA. However, they can be adjusted for the 
current MTA session from the MTA server console. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Log > Log Settings. 

NetWare Note: Use Options (F10) > Log Settings. 
3 Adjust the values as needed for the current MTA session. 


See Section 42.3, “Using MTA Log Files,” on page 665. 

MTA Web Console 

You can adjust MTA log settings from the Configuration page. Click the Event Log Settings heading. 
Editing the MTA Startup File 


You can change the configuration of the MTA by editing the MTA startup file from the MTA server 
console. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Edit Startup File. 

NetWare Note: Use Options > Actions > Edit Startup File. 
3 Make the necessary changes, then save and exit the startup file. 
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4 Stop and restart the MTA. 


Accessing Online Help for the MTA 


Click Help on the menu bar for information about the MTA server console. Click the Help button in 
any dialog box for additional information. 


NetWare Note: Press F1 for information in any dialog box or menu. 


42.2 Using the MTA Web Console 


The MTA Web console enables you to monitor the MTA from any location where you have access to 
a Web browser and the Internet. This provides substantially more flexible access than the MTA 
server console, which can only be accessed from the server where the MTA is running. 

+ Section 42.2.1, “Setting Up the MTA Web Console,” on page 657 

+ Section 42.2.2, “Accessing the MTA Web Console,” on page 659 

+ Section 42.2.3, “Monitoring the MTA from the MTA Web Console,” on page 659 

+ Section 42.2.4, “Controlling the MTA from the MTA Web Console,” on page 664 


42.2.1 Setting Up the MTA Web Console 


The default HTTP port for the MTA Web console is established during MTA installation. You can 
change the port number and increase security after installation. 

1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 

2 Click GroupWise > Network Address to display the Network Address page. 


Properties of MTA 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
Network Address: 





TCPAP Address: |id-nw.provo novell.com 





IPXISPX Address: J 
TD Bind Exclusively to TCPAP Address 


Port SSL 
Message Transfer: | 7100 4 Disabled x | 

















HTTP: 7180 $| disabled ~ | 





Page Options... ok | Cancel | Apply | Hep | 





If you configured the MTA for TCP/IP links during installation, the TCP/IP Address field 
should display the MTA server’s network address. If it does not, follow the instructions in 
Section , “Using TCP/IP Links between Domains,” on page 618. The MTA must be configured 
for TCP/IP in order to provide the MTA Web console. 
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3 Make a note of the IP address or DNS hostname in the TCP/IP Address field. You need this 
information to access the MTA Web console. 


The HTTP Port field displays the default port number of 7180. 


4 Ifthe default HTTP port number is already in use on the MTA server, specify a unique port 
number. 


5 Make a note of the HTTP port number. You will need this information to access the MTA Web 
console. 


6 Ifyou want to use an SSL connection for the MTA Web console, which provides optimum 
security, select Enabled in the HTTP SSL drop-down list. 


For additional instructions about using SSL connections, see Chapter 71, “Encryption and 
Certificates,” on page 1121. 


7 Click Apply to save your changes on the Network Address page. 


If you want to limit access to the MTA Web console, you can provide a username and 
password. 


8 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of MTA 
DS Rights + | Other | Rights to Files and Folders | 


Scan Cycle: 15 £| seconds 


Scan High: 5 4 seconds 





Attach Retry: 600 +! seconds 


[V Enable Automatic Database Recovery 





[ Use 2nd High Priority Scanner 
T Use 2nd Mail Priority Scanner 








SNMP Community "Get" String: 


HTTP Settings 





HTTP User Name: [ 


HTTP Password: Set Password 


Page Options... Cancel 








9 Inthe HTTP Settings box: 
Ga Inthe HTTP User Name field, specify a unique username. 
9b Click Set Password. 
9c Type the password twice for verification. 
9d Click Set Password. 


Unless you are using an SSL connection, do not use an eDirectory username and password 
because the information passes over the insecure connection between your Web browser 
and the MTA. 


For convenience, use the same username and password for all agents that you plan to 
monitor from GroupWise Monitor. This saves you from having to provide the username 
and password information as Monitor accesses each agent. 


10 Click OK to save the MTA Web console settings. 
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ConsoleOne then notifies the MTA to restart so the new settings can be put into effect. 


Corresponding Startup Switches 

You can also use the /httpport, /httpuser, and /httppassword startup switches in the MTA startup file 
to enable the MTA Web console. In addition, you can use the /httprefresh switch to control how 
often the MTA refreshes the information provided to your Web browser. 


42.2.2 Accessing the MTA Web Console 


To monitor the MTA from your Web browser, view the URL where the MTA is located by supplying 
the network address and port number as provided in ConsoleOne. For example: 
http://172.16.5.18:7100 

http://172.16.5.18:7180 

http://server1:7100 

https://server2:7180 


When viewing the MTA Web console, you can specify either the message transfer port or the HTTP 
port. 


Figure 42-3 MTA Web Console 





GroupWvise 7.0 MTA - Provo3 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 





Restart MTA 
Up Time: 2 Days 20 Hrs 48 Mins 





Domains 4 
Post Offices 1 0 
Gateways 2 a 





Routed 12 3 
Undeliverable 0 a 
Errors 0 0 








Closed Links 


Alerts 
<07/15/07 15:30:43> DIS: MTA configuration loaded 
<07/16/07 15:04:16> DIS: MTA restart in progress 


42.2.3 Monitoring the MTA from the MTA Web Console 


The MTA Web console provides several pages of information to help you monitor the performance 
of the MTA. The bar at the top of the MTA Web console displays the name of the MTA and its 
domain. Below this bar appears the MTA Web console menu that lists the pages of information 
available in the MTA Web console. Online help throughout the MTA Web console helps you 
interpret the information being displayed and use the links provided. 

+ “Monitoring MTA Status” on page 660 

+ “Checking the MTA Operating System Environment” on page 660 

+ “Viewing and Searching MTA Log Files” on page 661 

+ “Monitoring the Routing Queue” on page 662 

+ “Monitoring Links” on page 662 

+ “Tracking Messages” on page 663 
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Monitoring MTA Status 


When you first access the MTA Web console, the Status page is displayed. Online help throughout 
the MTA Web console helps you interpret the information being displayed and use the links 
provided. 


Figure 42-4 MTA Web Console with the Status Page Displayed 





se 7.0 MTA - Pri ) 
Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 





Restat MTA 


Up Time: 2 Days 20 Hrs 48 Mins 





Domains 4 0 
Post Offices 1 0 
Gateways 2 0 





Routed 12 3 
Undeliverable 0 0 
Errors 0 0 


Queue Information 
Router 0 








Alerts 


<07/15/07 15:30:43> DIS: MTA configuration loaded 
<O7 6/07 15:04:16> DIS: MTA restart in progress 


Click the Router link to display details about the MTA routing queue (gwinprog). You can quickly 
determine how many messages are awaiting processing, how large they are, and how long they have 
been waiting in the routing queue. 


Click a closed location to display its holding queue to see how many messages are waiting for 
transfer. 


Checking the MTA Operating System Environment 


On the MTA Web console menu, click Environment to display information about the operating 
system where the MTA is running. On a NetWare server, the following information is displayed: 


Figure 42-5 MTA Web Console with the Environment Page Displayed for a NetWare Server 








Server Configuration 

Server PRV-GW 
Company Novell 

OS Revision NetWare 5.70.03 
OS Date January 20, 2005 
Supported Connections 31 


Connections in Use 1 





Receive Buffer Max 10000 (Recommended 2500) 
Module Information 

GroupWise Engine (release version) 

GWENN5.NLM 

Version 7.00 

Memory Allocated 12428 

Build Date 7-12-2005 


On a Linux server, the following information is displayed: 
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Figure 42-6 MTA Web Console with the Environment Page Displayed for a Linux Server 


Grou 0 





Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 











onfiguration 


Server jbd-Inx 

OS Revision Linux Release 2.6.5-7.147-default 
Main Thread Process ID 13041 

Build Dates 

GroupWise Agent Build Date 07-14-05 

GroupWise Resource Build Date 06-15-05 


On a Windows server, the following information is displayed: 


Figure 42-7 MTA Web Console with the Environment Page Displayed for a Windows Server 


Gr 





Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 





OS Data 

Windows 2000 Version 5.0 (Build 2195 )Service Pack 4 

Build Dates 

GroupWise Agent Build Date 07-12-05 
GroupWise Engine Build Date 07-12-05 
GroupWise Resource Build Date 07-12-05 


Viewing and Searching MTA Log Files 


On the MTA Web console menu, click Log Files to display and search MTA log files. 


Figure 42-8 MTA Web Console with the Event Log Filter Page Displayed 








Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


View Event Log Settings 


vent Log Filter 





Events containing 





Message type 

M Message logging I Routing 
T Event logging I Admin 
I Dispatcher F Scanner 
I Message transfer 

Event logs: I Select all 


0711mta.001 07-12-07 00:00:00 
0712mta.001 07-13-07 00:00:00 
0713mta.001 07-14-07 00:00:00 
0714mta.001 07-14-07 16:28:56 
0715mta.001 07-16-07 00:00:00 
0716mta.001 07-17-07 00:00:00 
* 0718mta.001 07-16-07 00:00:01 
0717mta.001 07-18-07 00:00:01 








2979 
2979 
3915 
3446 
411 
549 
0 
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View Events Cycle Log 


To view a particular log file, select the log file, then click View Events. 


To search all log files for a particular string, type the string in the Events Containing field, select 
Select All, then click View Events. You can also manually select multiple log files to search. 


In the Message Type list, you can select one or more types of MTA processing to search for: 


Message Logging (MLG): The message logging threads write information into the message log 
file if message logging has been turned on. See Section 41.4.2, “Enabling MTA Message Logging,” 
on page 643. 
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Event Logging (LOG): The event logging thread writes information into the event log files that 
you can search on this page. See Section 42.3, “Using MTA Log Files,” on page 665. 


Dispatcher (DIS): The dispatcher thread starts other MTA threads as needed to meet the demands 
being put on the MTA at any given time. 


Message Transfer (MTP): The message transfer threads communicate with other MTAs and with 
POAs in the local domain to transfer messages to domains and post offices to which the local MTA 
is linked by way of TCP/IP. See Section , “Using TCP/IP Links between Domains,” on page 618 and 
Section , “Using TCP/IP Links between a Domain and its Post Offices,” on page 623. 


Router (RTR): The router threads process messages in the routing queue and prepare them for 
transfer to the next hop in the link path to their destinations. See Section 43.3, “Optimizing the 
Routing Queue,” on page 680. 


Admin (ADM): The admin thread updates the domain database (wpdomain.db) whenever 
administrative information changes. See Section , “MTA Admin Thread Status Box,” on page 648. 


Scanner (SCA): The scanner threads check for incoming messages when UNC or mapped links are 
in use. See Section 43.2.3, “Adjusting the Number of MTA Scanner Threads for the Domain and 
Post Offices,” on page 678. 


The results of the search are displayed on a separate page which can be printed. 


Monitoring the Routing Queue 


On the MTA Web console menu, click Status, then click Router to display the contents of the routing 
queue. Typically, no message files are waiting unless the MTA is down or backlogged. 


Figure 42-9 MTA Web Console with the Router Queue Page Displayed 





GroupWise 7.0 MTA - Provo3 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 





Last updated 07-18-07 13:09:03 


gwinprog 
Home Igwsystem/provo3/mslocal/gwinprog 


Queue Count KBytes Oldest Newest 
0 A E 


14107 107 [> [09 IN > 10 
2000000 
00000000 


You can click any queue to view the message files it contains. 


Monitoring Links 


On the MTA Web console menu, click Links to monitor the direct links between the MTA and other 
locations. 
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Figure 42-10 MTA Web Console with the Links Page Displayed 





Gro 7.0 MTA - Provo2 
Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 























Last updated 07-18-05 13:11:02 View Link Configuration 
View TCP/IP Connections 
View Gateways 
Direct Link Type Status Messages Queued Oldest 
C Provo3 Domain Closed 4 - 
C Provo2 Domain Open 0 
Tr GWIA Gateway Open 0 
CO Sales Post Office Open 0 
M WEBAC7OA Gateway Open 0 
M Provot Domain Open 0 
Suspend | Resume | 





Click a location to view its holding queue. Click View Link Configuration to determine the address 
of each location and access the agent Web consoles of other domains and of post offices that belong 
to the local domain. Click View TCP/IP Connections to view incoming and outgoing TCP/IP links. 
Click View Gateways to restrict the list to just gateways. 


Tracking Messages 


Before you can track messages at the MTA Web console, you must enable message logging for 
MTAs throughout your system. See Section 41.4.2, “Enabling MTA Message Logging,” on 

page 643. When you enable MTA message logging, the MTA stores data about GroupWise message 
traffic as it processes messages. The stored data is then available for use from the MTA Web 
console. 


To track a specific message, have the sender check the Sent Item Properties for the message in the 
GroupWise client. The Mail Envelope Properties field displays the message ID of the message; for 
example, 3ADSEDEB.31D : 3 : 12763. To track all messages sent by a particular user, make a note 
of the user’s GroupWise user ID. 


On the MTA Web console menu, click Message Tracking. 


Figure 42-11 MTA Web Console with the Message Tracking Page Displayed 





GroupWise 7.0 MTA - Provo 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 





View Message Log Settings 
View Log Files 





lessage Tracking 

Filename 

[fo O Submit 
Message ID 

Originator 


Fill in one of the fields, depending on what you want to track, then click Submit. The results of the 
search are displayed on a separate page which can be printed. 
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42.2.4 Controlling the MTA from the MTA Web Console 


At the MTA Web console, you can change some MTA log settings for the current MTA session. You 
can also stop and start some specific MTA threads. 


+ “Changing MTA Configuration Settings” on page 664 
+ “Controlling the MTA Admin Thread” on page 664 
+ “Controlling Links to Other Locations” on page 665 


Changing MTA Configuration Settings 


On the MTA Web console menu, click Configuration. Online help on the Configuration page helps 
you interpret the configuration information being displayed. 


Figure 42-12 MTA Web Console with the Configuration Page Displayed 








General Settings: 














Dornain Directory: c:\gwsystem\provo2 
Work Directory: c:\gwsystem\provo2\mslocal 
Preferred GWIA: Provo2. GWIA 
Default Route: 

Force Route No 

Known IDomains: *corporate.com 
Allow Direct Send to Other Systems No 

Error Mail to Administrator: No 

Display the Active Log Window Initially No 

eDirectory Authenticated: Yes admin. Docdev. Novell 
eDirectory User Synchronization Yes 

Admin Task Processing Yes 

Database Recovery: Yes 

Simple Network Management Protocol (SNMP): Enabled (index 1) 
IPY6 Protocol Disabled 

TCP/IP Settings: 

Maximum Inbound TCP/IP Connections: 40 

TCP Port for Incoming Connections: 7100 

Message Transfer over SSL: Disabled 

TCP Port for HTTP Connections: 7180 

HTTP Refresh Rate: 60 secs 

HTTP over SSL: Disabled 

TCP/IP Connection Timeout: 5 

TCPAIP Data Timeout: 20 

Event Log Settings: 

Log Level Normal 

Disk Logging Yes 


Click the Event Log Settings heading to change the MTA log settings for the current MTA session. 


Controlling the MTA Admin Thread 


On the Configuration page, click Admin Task Processing. 
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Figure 42-13 MTA Web Console with the Admin Task Status Page Displayed 








Admin Messages 


Completed: 12 
Errors: 0 
Send Admin Mail: O 
Admin Database 
Status Normal 
DB Sort Language: US 
Recovery Count: 0 
Automatic Recovery Mv 
Perform DB Recovery O 
Admin Thread 
Status Running 
Suspend © 
Resume O 
Submit 


Modify the functioning of the MTA admin thread as needed, then click Submit. The changes remain 
in effect for the current MTA session. 


Controlling Links to Other Locations 
On the MTA Web console menu, click Links. 


Figure 42-14 MTA Web Console with the Links Page Displayed 





Gro 7.0 MTA - Provo2 
Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 





Last updated 07-18-05 13:11:02 View Link Configuration 
View TCP/IP Connections 
View Gateways 


Direct Link Type Status Messages Queued Oldest 
M Provo3 Domain Closed 4 - 
M Provo2 Domain Open 0 
C GWIA Gateway Open 0 
M Sales Post Office Open 0 
CO WEBAC70A Gateway Open a 
C Provol Domain Open 0 
Suspend | Resume | 





Select one or more locations, then click Suspend or Resume as needed. 


42.3 Using MTA Log Files 


Error messages and other information about MTA functioning are written to log files as well as 
displaying on the MTA server console. Log files can provide a wealth of information for resolving 
problems with MTA functioning or message flow. This section covers the following subjects to help 
you get the most from MTA log files: 

+ Section 42.3.1, “Configuring MTA Log Settings and Switches,” on page 666 

+ Section 42.3.2, “Viewing MTA Log Files,” on page 666 


¢ Section 42.3.3, “Interpreting MTA Log File Information,” on page 666 
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42.3.1 Configuring MTA Log Settings and Switches 


The following aspects of logging are configurable: 


+ Log File Path (/log) 

+ Disk Logging (/logdiskoff) 

+ Logging Level (/loglevel) 

+ Maximum Log File Age (/logdays) 


+ Maximum Log File Size (/logmax) 
You can configure the log settings in the following ways: 


+ 


Using ConsoleOne to establish defaults (see Section 41.1.8, “Adjusting the MTA Logging 
Level and Other Log Settings,” on page 627) 
U 


sing startup switches to override ConsoleOne settings (see Section 44, “Using MTA Startup 
Switches,” on page 683) 


Using the MTA server console to override log MTA settings for the current session (see 
Section , “Adjusting MTA Log Settings,” on page 656 
U 
S 





sing the MTA Web console to override other MTA settings for the current MTA session (see 
ection 42.2.4, “Controlling the MTA from the MTA Web Console,” on page 664) 


42.3.2 Viewing MTA Log Files 


You can view the contents of the MTA log file from the MTA server console and Web console. See 
the following tasks: 

+ “Browsing the Current MTA Log File” on page 655 

+ “Viewing a Selected MTA Log File” on page 656 

+ “Cycling the MTA Log File” on page 656 

+ “Viewing and Searching MTA Log Files” on page 661 


42.3.3 Interpreting MTA Log File Information 


On startup, the MTA records the MTA settings currently in effect. Thereafter, it logs events that take 
place, including errors. To look up error messages that appear in MTA log files, see “Message 
Transfer Agent Error Messages” in Group Wise 7 Troubleshooting 1: Error Messages. 


Because the MTA consists of multiple threads, you might find it useful to retrieve the log file into an 
editor and sort it on the thread ID that follows the date and time information. Sorting will group all 
messages together for the same MTA thread. At the MTA Web console, you can search through 
multiple log files. See “Viewing and Searching MTA Log Files” on page 661. You can also use the 
search capability of the MTA Web console to gather information about a specific MTA thread. See 
“Viewing and Searching MTA Log Files” on page 661. 


42.4 Using GroupWise Monitor 


Group Wise Monitor is a monitoring and management tool that allows you to monitor Group Wise 
agents and gateways from any location where you are connected to the Internet and have access to a 
Web browser. The MTA Web console can be accessed from GroupWise Monitor, enabling you to 
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monitor all MTAs in your GroupWise system from one convenient location. In addition, GroupWise 
Monitor can notify you when agent problems arise. 


Figure 42-15 GroupWise Monitor Web Console 
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~ 95 Corporate Mail Monitored agents for "Corporate Mail" group 
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For installation and setup instructions, see “Installing GroupWise Monitor” in the GroupWise 7 
Installation Guide. For usage instructions, see Part XIII, “Monitor,” on page 963. 


42.5 Using Novell Remote Manager 


If the MTA is running on NetWare 6.5 or on Novell Open Enterprise Server (OES), you can use the 
IP Address Management feature in Novell Remote Manager (Manage Server > IP Address 
Management) to view the IP address and port configuration for the MTA. This is also true for other 
Group Wise agents (POA, Internet Agent, and WebAccess Agent) running on NetWare 6.5/OES 
servers. 





IMPORTANT: If the MTA is running in protected mode on NetWare, it will not display in Novell 
Remote Manager. 





You access Novell Remote Manager by entering the following URL in a Web browser: 
http://server address: 8008 


For example: 
http://172.16.5.18:8008 


For more information about using Novell Remote Manager, see the NetWare 6.5 Documentation 
Web site (http://www.novell.com/documentation/nw65) and the Novell Open Enterprise Server 
Documentation Web site (http://www.novell.com/documentation/oes). 


42.6 Using an SNMP Management Console 


You can monitor the MTA from the Management and Monitoring component of Novell ZENworks® 
for Servers or another SNMP management and monitoring program. When properly configured, the 
MTA sends SNMP traps to network management consoles for display along with other SNMP 
monitored programs. 


Although the MTA is SNMP-enabled by default, the server where the MTA is installed must be 
properly configured to support SNMP, and the MTA object in eDirectory must be properly 
configured as well. To set up SNMP services for your server, complete the following tasks: 


+ Section 42.6.1, “Setting Up SNMP Services for the MTA,” on page 668 
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+ Section 42.6.2, “Copying and Compiling the MTA MIB File,” on page 670 
+ Section 42.6.3, “Configuring the MTA for SNMP Monitoring,” on page 671 


42.6.1 Setting Up SNMP Services for the MTA 


Select the instructions for the platform where the MTA runs: 


+ “Setting Up SNMP Services for the NetWare MTA” on page 668 
+ “Setting Up SNMP Services for the Linux MTA” on page 668 
+ “Setting Up SNMP Services for the Windows MTA” on page 669 


Setting Up SNMP Services for the NetWare MTA 


The NetWare MTA supports SNMP through the SNMP services loaded on the NetWare server. 
SNMP services are provided through the SNMP NLM™. The SNMP NLM initiates and responds to 
requests for monitoring information and generates trap messages. 


If the SNMP NLM is not loaded before the NetWare MTA, the MTA still loads and functions 
normally, but SNMP support is disabled. The MTA does not attempt to auto-load snmp.nlm. 


To load the SNMP NLM manually: 
1 Go to the console of each NetWare server where you want to implement SNMP services. 


These servers should already have the GroupWise agents installed. 
2 Type the command to load the SNMP NLM: 
Syntax 


load snmp v control=x monitor=y trap=z 


where v represents Verbose, meaning to display informational messages, and x, y and z are 
replaced with your system SNMP community strings for SNMP SETs, GETs and TRAPs). 


Example: 


load snmp v control=private monitor=public trap=all 


The configuration for the SNMP NLM is found in snmp.cfg and traptarg.cfg in the sys:\etc 
directory. View the contents of these files for more information. 


The TCP/IP NLM automatically loads snmp.nlm, using default values for the community 
strings. If your system uses different community string values, load snmp.nlm before tcpip.nlm. 


3 Ifthe SNMP NLM is already loaded, you can add the control and trap parameters by typing the 
following at the console prompt: 


snmp control= trap= 

To automatically load these commands, include them in the autoexec.ncf file. 

For more information about implementing SNMP services, see your NetWare documentation. 
4 Skip to Section 42.6.2, “Copying and Compiling the MTA MIB File,” on page 670. 


Setting Up SNMP Services for the Linux MTA 


The Linux MTA is compatible with NET-SNMP. An older version of SNMP called UCD-SNMP 
cannot be used with the Linux MTA. NET-SNMP comes standard with OES Linux, but it does not 
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come standard with SLES 9. If you are using SLES 9, you must update to NET-SNMP in order to 
use SNMP to monitor the Linux MTA. 


1 Make sure you are logged in as root. 


2 If NET-SNMP is not already set up on your Linux server, use the following command to 
configure SNMP: 





snmpconf -g basic setup 


The snmpconf command creates the snmpd.conf file in one of the following directories, 
depending on your version of Linux: 


/usr/share/snmp 
/usr/local/share/snmp 
-/ .snmp 


3 Locate the snmpd. conf file on your Linux server. 

In a text editor, open the snmpd. conf file and add the following line: 

dlmod Gwsnmp /opt/novell/groupwise/agents/lib/libgwsnmp.so 
5 Savethe snmpd. conf file and exit the text editor. 


6 Restart the SNMP daemon (snmpd) to put the changes into effect. 





IMPORTANT: Make sure that the SNMP daemon always starts before the POA starts. 





7 Skip to Section 42.6.2, “Copying and Compiling the MTA MIB File,” on page 670. 


Setting Up SNMP Services for the Windows MTA 


SNMP support is provided for up to eight Windows MTAs on the same Windows server. Upon 
startup, each instance of the MTA is dynamically assigned a row in its SNMP table. View the 
contents of the MTA MIB for a description of the SNMP variables in the table. 


To set up SNMP services for the Windows MTA, complete the following tasks: 
+ “Installing Windows SNMP Support” on page 669 
+ “Installing GroupWise Agent SNMP Support” on page 670 

Installing Windows SNMP Support 


For Windows 2000, the SNMP service is usually not included during the initial operating system 
installation. The SNMP service can be easily added at any time. To add or configure the SNMP 
service, you must be logged in as a member of the Administrator group. 


For example, to add the SNMP service to a Windows 2000 server: 


1 From the Control Panel, double-click Add/Remove Programs. 

2 Click Add/Remove Windows Components. 

3 Select Management and Monitoring Tools. 

4 Click Details, then select Simple Network Management Protocol. 


Continue with “Installing GroupWise Agent SNMP Support” on page 670. 
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Installing GroupWise Agent SNMP Support 


The Group Wise Agent Installation program includes an option for installing SNMP support. 
However, if the server where you installed the agents did not yet have SNMP set up, that installation 
option was not available. Now that you have set up SNMP, you can install GroupWise agent SNMP 
support. 


At the Windows server where you want to install the GroupWise agent SNMP support: 


1 Run setup.exe atthe root of the GroupWise 7 Administrator for NetWare/Windows CD, 
then click Install Products > GroupWise Agents > Install GroupWise Agents. 


or 


Run install.exe from the agents subdirectory on the GroupWise 7 Administrator for 
NetWare/Windows CD or in your software distribution directory if you have updated it with the 
latest Group Wise software. 


2 Inthe Installation Path dialog box, browse to and select the path where the agent software is 
installed, then select Install and Configure SNMP for GroupWise Agents. 


3 To shorten the install time, deselect Install GroupWise Agent Software. 


4 Continue through the rest of the installation process as prompted by the Agent Installation 
program. 


The Agent Installation program copies the SNMP support files to the agent installation 
directory, makes the appropriate Windows registry entries, and restarts the Windows SNMP 
service. 


5 Continue with Section 42.6.2, “Copying and Compiling the MTA MIB File,” on page 670. 


42.6.2 Copying and Compiling the MTA MIB File 


An SNMP-enabled MTA returns information contained in a Management Information Base (MIB). 
The MIB is an ASCII data structure that defines the information gathered. It also defines the 
properties that can be monitored and managed on the SNMP-enabled MTA. 


Before you can monitor an SNMP-enabled MTA, you must compile the gwmta.mib file using your 
SNMP management program. 


NetWare The GroupWise MIBs are located on the GroupWise 7 Administrator for NetWare/ 

and Windows CD inthe \agents\snmp directory or in the 

Windows: software distribution directory\agents\snmp directory if you have 
updated it with the latest GroupWise software. 


Linux: The GroupWise MIBs are located on the GroupWise Administrator for Linux CD in the / 
agents/snmp directory. 


1 Copy the gwmta.mib file from the \agents\snmp directory to the location required by 
your SNMP management program. 


ZENworks Server Management users can access the gwmta.mib file in the software 
distribution directory. 
2 Compile or import the gwmta.mib file as required by your SNMP management program. 


For example, to compile the gwmta.mib file for ZENworks Server Management: 
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2a In ConsoleOne, right-click the Site Server object, then click Properties > MIB Pool. 
2b Click Modify Pool > Add. 

2c Browse to and select the gwmta.mib file, then click OK. 

2d Click Compile. 


2e Make sure that the server where the MTA is running is configured to send SNMP traps to 
the ZENworks Server Management Site Server. 


NetWare: Add the IP address or hostname of the ZENworks Server Management Site 
Server to the traptarg.cfg file in the sys: \etc directory. 


Windows: Add the IP address or hostname of the ZENworks Server Management Site 
Server to the list of trap destinations. For example, from the Windows 2000 
Control Panel, double-click Administrative Tools, then click Services > SNMP 
Service > Properties > Traps. 


Refer to your SNMP management program documentation for further instructions. 
3 Continue with Configuring the MTA for SNMP Monitoring. 


42.6.3 Configuring the MTA for SNMP Monitoring 


In order for SNMP monitoring programs to monitor the MTA, the MTA must be configured with a 
network address and SNMP community string. 

1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 

2 Click GroupWise > Network Address to display the Network Address page. 


3 Click the pencil icon to provide the TCP/IP address or IPX™/SPX™ address of the server 
where the MTA runs, then click Apply. 


4 Click GroupWise > Agent Settings. 
5 Provide your system SNMP community GET string, then click OK. 
ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


The MTA should now be visible to your SNMP monitoring program. 


42.7 Notifying the Domain Administrator 


If you want to be notified with an e-mail message whenever the MTA encounters a critical error, you 
can designate yourself as an administrator of the domain for which the MTA is running. 


1 In ConsoleOne, browse to and right-click the Domain object, then click Properties to display 
the Identification page. 
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Properties of Provo1 


GroupWise v | wos Rights v | Other | Rights to Files and Folders: | 
Identification | 


Domain: Provo1 





Description: 





UNC Path: \WBD-Nisysigwsystem 








Language: English - US 


Domain Type: Primary 





Time Zone: (GMT-07:00) Mountain Time (US 8 Canada) 


Database Version: 7 





Network Type: Novell NetWare 











Administrator: 


Page Options... | Cancel | 








2 Inthe Administrator field, browse to and select your Group Wise user ID. 


A domain can have a single administrator, or you can create a group to function as 
administrators. 


3 Click OK to save the administrator information. 
The selected user or group then begins receiving e-mail messages whenever the MTA for the 


domain encounters a critical error. 


Corresponding Startup Switches 
By default, the MTA generates error mail if an administrator has been assigned for the domain. 
Error mail can be turned off using the /noerrormail switch. 


MTA Web Console 
Another way to receive e-mail notification of MTA problems is to use GroupWise Monitor to access 
the MTA Web console. See Section 59.5.1, “Configuring E-Mail Notification,” on page 979. 


42.8 Using the MTA Error Message 
Documentation 
MTA error messages are documented with the source and explanation of the error, possible causes of 


the error, and actions to take to resolve the error. See “Message Transfer Agent Error Messages” in 
Group Wise 7 Troubleshooting 1: Error Messages. 


42.9 Employing MTA Troubleshooting 
Techniques 


If you are having a problem with the MTA but not receiving a specific error message, or if the 
suggested actions for the specific error did not resolve the problem, you can review more general 
troubleshooting strategies for dealing with MTA problems. See “Message Transfer Agent Problems” 
in “Strategies for Agent Problems” in GroupWise 7 Troubleshooting 2: Solutions to Common 
Problems. 
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You can also use GroupWise Monitor to troubleshoot message transfer problems. See Part XIII, 


“Monitor,” on page 963. 


42.10 Using Platform-Specific MTA Monitoring 


Tools 


Each operating system where the MTA runs provides tools for monitoring programs. 


NetWare: You can use the NetWare Monitor NLM to monitor the effects of the MTA on the 
NetWare server. NetWare 6.x/OES provides monitoring tools that you can use from your 
Web browser. Processor, resource, and memory utilization can be compared to other 
non-GroupWise NLM programs to determine if the MTA NLM program is monopolizing 
resources. See your NetWare documentation for additional monitoring suggestions. 


Linux: You can use SNMP tools like snmpget and snmpwalk that allow you to retrieve the data 
about all the services registered with the SNMP service. These tools are part of the 


NET-SNMP package. See your Linux documentation for additional monitoring 


suggestions. 


Windows: You can use the Performance Monitor in Windows Administrator Tools to gather similar 
information. See your Windows documentation for additional monitoring suggestions. 


42.11 Using MTA Message Logging 


For extremely detailed monitoring of message flow, you can configure the MTA to gather a variety 


of statistics. See Section 41.4.2, “Enabling MTA Message Logging,” on page 643. 


Monitoring the MTA 673 


674 GroupWise 7 Administration Guide 


Optimizing the MTA 


You can adjust how the MTA functions to optimize its performance. Before attempting optimization, 
you should run the MTA long enough to observe its efficiency and its impact on other network 
applications running on the same server. See Chapter 42, “Monitoring the MTA,” on page 645. 


Also, remember that optimizing your network hardware and operating system can make a difference 
in MTA performance. 


The following topics help you optimize the MTA: 


+ Section 43.1, “Optimizing TCP/IP Links,” on page 675 

+ Section 43.2, “Optimizing Mapped/UNC Links,” on page 676 

+ Section 43.3, “Optimizing the Routing Queue,” on page 680 

+ Section 43.4, “Adjusting MTA Polling of Closed Locations,” on page 680 


43.1 Optimizing TCP/IP Links 


Using startup switches in the MTA startup file, you can fine-tune the performance of TCP/IP links. 


+ Section 43.1.1, “Adjusting the Number of MTA TCP/IP Connections,” on page 675 


+ Section 43.1.2, “Adjusting the MTA Wait Intervals for Slow TCP/IP Connections,” on 
page 676 


43.1.1 Adjusting the Number of MTA TCP/IP Connections 


When using TCP/IP links between domains, you can control the number of inbound connections the 
MTA can establish for receiving messages. 


Use the /tcpinbound switch in the MTA startup file to increase the maximum number of inbound 
connections the MTA can establish from the default of 40 to whatever setting meets the needs of 
your system. There is no maximum setting. 


If the MTA is receiving more requests than it can accept, the sending MTAs must wait until a 
connection becomes available, which slows down message transfer. Each connection requires only 
about 20 KB. For example, if you configure the MTA to accept 600 connections, it would require 
approximately 12 MB of RAM. Although there is no maximum setting for inbound connections, this 
setting is adequate to handle very heavy usage. Use lower settings to conserve RAM or for lighter 
usage. 


MTA Web Console 
You can check the maximum number of TCP/IP connections that the MTA can start on the 
Configuration page under the TCP/IP Settings heading. 


43.1.2 Adjusting the MTA Wait Intervals for Slow TCP/IP 
Connections 


When using TCP/IP links, you can control how long the MTA waits for responses. 
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By default, the MTA waits 5 seconds for a response when trying to contact another MTA or a POA 
across a TCP/IP link. If no response is received from the other MTA or the POA, the sending MTA 
tries again three more times. If all four attempts fail, the MTA reports an error, then waits 10 minutes 
before it tries again. 


When the MTA attempts to send messages to another MTA or a POA across a TCP/IP link, the 
sending MTA tries for 20 seconds before reporting an error. 


On some networks, these wait intervals might not be sufficient, and the MTA might report an error 
when, by waiting longer, the needed connection or data transfer would be able to take place. 


Use the /tcpwaitconnect switch in the MTA startup file to increase the number of seconds the MTA 
waits for a response from another MTA or a POA across a TCP/IP link. 


Use the /tcpwaitdata switch in the MTA startup file to increase the number of seconds the MTA 
attempts to send messages to another MTA or a POA across a TCP/IP link. 


MTA Web Console 
You can check the current wait intervals on the Configuration page under the TCP/IP Settings 
heading. 


43.2 Optimizing Mapped/UNC Links 


If you must use mapped or UNC links, you can fine-tune how the MTA polls its input queues. 


+ Section 43.2.1, “Using TCP/IP Links between Locations,” on page 676 


+ Section 43.2.2, “Adjusting MTA Polling of Input Queues in the Domain, Post Offices, and 
Gateways,” on page 676 


+ Section 43.2.3, “Adjusting the Number of MTA Scanner Threads for the Domain and Post 
Offices,” on page 678 





NOTE: The Linux MTA does not use mapped or UNC links. 


43.2.1 Using TCP/IP Links between Locations 


TCP/IP links between domains or between a domain and its post offices are faster than mapped or 
UNC links because the MTA is immediately notified whenever a new message arrives. This 
eliminates the latency involved in scanning input directories for messages to process. To change 
from mapped or UNC links to TCP/IP links, see “Using TCP/IP Links between Domains” on 
page 618 and “Using TCP/IP Links between a Domain and its Post Offices” on page 623 


43.2.2 Adjusting MTA Polling of Input Queues in the Domain, 
Post Offices, and Gateways 


When using mapped or UNC links between the local domain and its post offices and other domains, 
the MTA can create a lot of network traffic just scanning its input queues, especially if the message 
load is light. This can be minimized by setting the scan cycle to a higher number. On the other hand, 
if the scan cycle is set too high, important messages might have to wait in the input queues to be 
picked up by the MTA. The MTA’s scan cycle settings also control how often it communicates with 
gateways installed in the domain. 


676 GroupWise 7 Administration Guide 


By default, when using mapped or UNC links, the MTA scans its high priority queues every 5 
seconds and its regular and low priority queues every 15 seconds. You can adjust the scan cycle 
settings to meet the needs of your GroupWise® system. 


1 In ConsoleOne®, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


DS Rights + | Other | Rights to Files and Folders | 


Scan Cycle: EEE seconds 
Scan High: [6 + seconds 
Attach Retry: [600 + seconds 
IV Enable Automatic Database Recovery 


[F Use 2nd High Priority Scanner 





[T Use 2nd Mail Priority Scanner 


SNMP Community "Get" String: 








HTTP Settings 





HTTP User Name: [ 


HTTP Password: Set Password 


Page Options... | Cancel | 








3 Decrease the number of seconds in the Scan Cycle field if you want the MTA to scan the 
regular and low priority gueues (2-7) more often. 


Or 


Increase the number of seconds in Scan Cycle field if you want the MTA to scan the regular and 
low priority queues (2-7) less often. 


4 Decrease the number of seconds in the Scan High field if you want the MTA to scan the high 
priority queues (0-1) more often. 


or 


Increase the number of seconds in the Scan High field if you want the MTA to scan high 
priority queues (0-1) less often. 


For the locations and specific uses of the MTA input queues, see “Message Transfer/Storage 
Directories” in GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 


5 Click OK to save the new scan cycle settings. 
ConsoleOne then notifies the MTA to restart so the new settings can be put into effect. 


Corresponding Startup Switches 
You can also use the /cylo and /cyhi switches in the MTA startup file to adjust the MTA scan cycle. 


MTA Web Console 
You can check the current MTA scan cycle on the Configuration page under the Performance 
Settings heading. 
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43.2.3 Adjusting the Number of MTA Scanner Threads for the 
Domain and Post Offices 


When using mapped or UNC links, the MTA automatically starts one high priority scanner thread 
for the priority 0 and 1 subdirectories of its input queues. It also starts a second scanner thread for 
the priority 2-7 subdirectories. This default configuration can create a bottleneck under some 
circumstances: 


¢ The priority 0 subdirectory is used for Busy Search requests from GroupWise client users. The 
priority 1 subdirectory is used by Group Wise Remote users. If your GroupWise system serves a 
large number of very active GroupWise Remote users, the MTA can stay busy processing 
requests from Remote users, causing other users to experience a delay in response to a Busy 
Search request. 


+ The priority 2 subdirectory is used for administrative messages and high priority user 
messages. Priority 3-7 subdirectories are used for regular and low priority messages and status 
messages. Certain administrative activities, such as moving a large number of users or purging 
trash, can create numerous administrative messages in the priority 2 subdirectory, causing users 
to experience a delay in receiving high priority as well as regular messages. 


For the locations of the MTA input queues, see “Message Transfer/Storage Directories” in 
GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 


You can configure the MTA so that it starts separate scanner threads to service the priority 0 and 1 
subdirectories and/or separate scanner threads for the 2-3 and 4-7 subdirectories. 





IMPORTANT: Do not try to run more than one MTA for the same domain. 





1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of MTA 


| NDS Rights v | Other | Rights to Files and Folders: | 


Scan Cycle: 15 £| seconds 


Scan High: 5 4 seconds 





Attach Retry: [ 600 4 seconds 
IV Enable Automatic Database Recovery 

TÜ Use 2nd High Priority Scanner 
T Use 2nd Mail Priority Scanner 








SNMP Community "Get" String: 


HTTP Settings 





HTTP User Name: [ 


HTTP Password: Set Password 


Page Options... | Cancel | 








3 Select Use 2nd High Priority Scanner to provide separate MTA scanner threads for Busy 
Searches and GroupWise Remote users. 
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4 Select Use 2nd Mail Priority Scanner to provide separate MTA scanner threads for 
administrative messages and high priority user messages vs. regular and low priority messages. 


These settings can be used separately (creating three MTA scanner threads) or together 
(creating four MTA scanner threads). 


Priorit Default 2nd High 2nd Mail Both Second 
Primary Use Di y A Priority Priority Priority 
irectory Operation 
Scanner Scanner Scanners 
Busy searches wpcsin\0 High priority High priority High priority High priority 
scanner thread scannerthread scanner thread scanner thread 
one one 
GroupWise wpcsin\1 High priority High priority 
Remote user scannerthread scannerthread 
requests two two 
Administrative wpcsin\2 Mail priority Mail priority Mail priority Mail priority 
reguests and scanner thread scanner thread scannerthread scannerthread 
high priority one one 
messages 
High priority wpcsin\3 
statuses 
Normal priority wpcsin\4 Mail priority Mail priority 
messages scannerthread scannerthread 
two two 
Normal priority  wpcsin\5 
statuses 
Low priority wpcsin\6 
messages 
Low priority wpcsin\7 
statuses 
Total Scanner Threads 2 3 3 4 
in Use: 


5 Click OK to save the new scanner thread settings. 


ConsoleOne then notifies the MTA to restart so the new setting can be put into effect. 


Corresponding Startup Switches 
You can also use the /fast0 and /fast4 switches in the MTA startup file to adjust the allocation of 
MTA scanner threads. 


MTA Web Console 
You can check the current MTA scan cycle on the Configuration page under the Performance 
Settings heading. 


43.3 Optimizing the Routing Queue 


Using startup switches in the MTA startup file, you can fine-turn MTA processing in of the routing 
queue. When the MTA starts, it starts one or more router threads to process its routing queue 
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(gwinprog). As messages arrive in the routing queue, it starts additional routers as needed, within 
parameters you can set. 


+ Section 43.3.1, “Adjusting the Maximum Number of Active Router Threads,” on page 680 
+ Section 43.3.2, “Adjusting the Maximum Number of Idle Router Threads,” on page 680 


MTA Web Console 
You can view the current contents of the routing queue from the Status page. Click Router under the 
Queue Information heading. 


43.3.1 Adjusting the Maximum Number of Active Router 
Threads 


By default, the MTA continues to start additional router threads to processes messages in the routing 
queue as long as message traffic demands it, until as many as 16 router threads are running. Use the 
/maxrouters switch in the MTA startup file to control the number of router threads the MTA can 
Start. 


Set /maxrouters to a lower number to conserve resources and keep the MTA from starting more than 
the specified maximum number of router threads. 


43.3.2 Adjusting the Maximum Number of Idle Router Threads 


By default, after the MTA starts a router thread, it keeps it running, up to the maximum number 
specified by the /maxrouters switch. In a system where short bursts of heavy message traffic are 
followed by extended lulls, idle router threads could be consuming resources that would be better 
used by other processes. Use the /maxidlerouters switch in the MTA startup file to determine how 
many idle router threads are allowed to remain running. The default is 16 idle router threads. 


Set /maxidlerouters to a lower number if you want the MTA to terminate idle router threads more 
quickly. Set /maxidlerouters to a higher number if you want the MTA to keep more idle router 
threads ready to process incoming message traffic. 


43.4 Adjusting MTA Polling of Closed Locations 


When a location becomes closed (unavailable), the MTA waits before attempting to recontact that 
location. If the MTA waits only a short period of time, the MTA can waste time and create network 
traffic by trying to reestablish a connection with a closed location. On the other hand, you do not 
want the MTA to ignore an available location by waiting too long. 


By default, the MTA waits 600 seconds (10 minutes) between its attempts to contact a closed 
location. You can adjust the time interval the MTA waits to meet the needs of your GroupWise 
system. 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 
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Properties of MTA 


NDS Rights + | Other | Rights to Files and Folders | 


Scan Cycle: EGE seconds 
Scan High: [5 + seconds 
Attach Retry: [ 600 + seconds 
IV Enable Automatic Database Recovery 


[~ Use 2nd High Priority Scanner 





[T Use 2nd Mail Priority Scanner 





SNMP Community "Get" String: 


HTTP Settings: 





HTTP User Name: | 


HTTP Password: Set Password 


Page Options... | Cancel | 








3 Decrease the number of seconds in the Attach Retry field if you want the MTA to try to contact 
closed locations more often. 


or 


Increase the number of seconds in Attach Retry field if you want the MTA to try to contact 
closed locations less often. 


4 Click OK to save the new Attach Retry setting. 
ConsoleOne then notifies the MTA to restart so the new setting can be put into effect. 
For a TCP/IP link, a location is considered open if the MTA receives a response from the receiving 


agent within the currently configured wait intervals. See Section 43.1.2, “Adjusting the MTA Wait 
Intervals for Slow TCP/IP Connections,” on page 676. Otherwise, the location is considered closed. 


For a mapped or UNC link, a location is considered open if the MTA can perform the following 
actions: 


+ Create a temporary directory in the MTA input queue (domain\wpcsin and 
post officeXwpcsin directories) 

+ Create a temporary file in that new directory 

+ Delete the temporary file 

+ Delete the temporary directory 


For more information about the MTA input queues, see “Message Transfer/Storage Directories” in 
GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. 
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Using MTA Startup Switches 


You can override settings provided in ConsoleOne® by using startup switches in the MTA startup 
file. When you run the Agent Installation program, an initial MTA startup file is created in the agent 
installation directory. It is named using the first 8 characters of the domain name with a .mta 
extension. This initial startup file includes the /home startup switch set to the location of the domain 
directory. 


Startup switches specified on the command line override those in the startup file. Startup switches in 
the startup file override corresponding settings in ConsoleOne. 


The table below summarizes MTA startup switches for all platforms and how they correspond to 
configuration settings in ConsoleOne. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


Table 44-1 MTA Startup Switches 


NetWare MTA Linux MTA Windows MTA ConsoleOne Settings 
@filename @filename @filename N/A 

N/A --activelog /activelog N/A 

/certfile --certfile /certfile Certificate File 

lcyhi --cyhi lcyhi Scan High 

lcylo --cylo Icylo Scan Cycle 


/defaultroutingdomain 


--defaultroutingdomain 


/defaultroutingdomain 


Default Routing Domain 


/dn N/A N/A N/A 

/fastO --fastO /fastO Use 2nd High Priority Scanner 
/fast4 --fast4 /fast4 Use 2nd Mail Priority Scanner 
/help --help /help N/A 

/home --home /home N/A 

/httppassword --httppassword /nttppassword HTTP Password 

/httpport --httpport /httpport HTTP Port 

/httprefresh --httprefresh /httprefresh N/A 

/httpssl --httpssl /nttpssl HTTP 

/httpuser --httpuser /nttpuser HTTP User Name 

lip --ip lip TCP/IP Address 

/keyfile --keyfile /keyfile SSL Key File 

/keypassword --keypassword /keypassword SSL Key File Password 
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NetWare MTA 
language 
/liveremote 

log 

/logdays 
/logdiskoff 
/loglevel 

/logmax 

/Irconn 
/Irwaitdata 
/maxidlerouters 
/maxrouters 
/messagelogdays 
/messagelogmaxsize 
/messagelogpath 
/messagelogsettings 
/msgtranssl 
/noada 

/nodns 
/noerrormail 
/nondssync 
/norecover 
/nosnmp 
/password 

N/A 

/tcpinbound 
/tcpport 
/tcpwaitconnect 
/tcpwaitdata 
/tracelogin 

/user 

/vsnoadm 


/work 


Linux MTA 
--language 
--liveremote 

--log 

--logdays 
--logdiskoff 
--loglevel 
--logmax 

--Irconn 
--Irwaitdata 
--maxidlerouters 
--maxrouters 
--messagelogdays 
--messagelogmaxsize 
--messagelogpath 
--messagelogsettings 
--msgtranssl 
--noada 

--nodns 
--noerrormail 
--nondssync 
--norecover 
--nosnmp 

N/A 

--show 
--tcpinbound 
--tcpport 
--tcpwaitconnect 
--tcpwaitdata 

N/A 

N/A 

--vsnoadm 


--work 
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Windows MTA 
/language 
/liveremote 

log 

/logdays 
llogdiskoff 
loglevel 

/logmax 

/Irconn 
Iirwaitdata 
/maxidlerouters 
/maxrouters 
/messagelogdays 
/messagelogmaxsize 
/messagelogpath 
/messagelogsettings 
/msgtranssl 
/noada 

/nodns 
/noerrormail 
/nondssync 
/norecover 
/nosnmp 

N/A 

N/A 

/tcpinbound 
/tcpport 
/tcpwaitconnect 
/tcpwaitdata 

N/A 

N/A 

/vsnoadm 


/work 


ConsoleOne Settings 
N/A 

N/A 

Log File Path 

Max Log File Age 
Logging Level 
Logging Level 

Max Log Disk Space 
N/A 

N/A 

N/A 

N/A 

Delete Reports After 
N/A 

Message Log File Path 
Message Logging Level 
Message Transfer SSL 
N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

Network Address 
N/A 

N/A 

N/A 

N/A 

N/A 

N/A 


44.1 @filename 


Specifies the location of the MTA startup file. On NetWare® and Windows, the full path must be 
included if the file does not reside in the same directory with the MTA program. On Linux, the 
startup file always resides in the /opt/novell/groupwise/agents/share directory. The 
startup file must reside on the same server where the MTA is installed. 


NetWare MTA Linux MTA Windows MTA 
Syntax: @[vol:][\dinJfile @[/dir/|file @[drive:][\din\|file 
Example: load gwmta @provo2.mta Jgwmta @../share/ gwmta.exe @provo2.mta 
load gwmta @sys:\agt\provo2.mta Inxdom.mta gwmta.exe @d:\agt\provo2.mta 


44.2 lactivelog 


Displays the active log window rather than the alert box when the MTA starts. See Section 42.1.1, 
“Monitoring the MTA from the MTA Server Console,” on page 645. 


NetWare MTA Linux MTA Windows MTA 


Syntax: N/A --activelog lactivelog 


44.3 /certfile 


Specifies the full path to the public certificate file used to provide secure SSL communication 
between the MTA and other programs. See Section 41.2.3, “Securing the Domain with SSL 
Connections to the MTA,” on page 629. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /certfile-[svA][vol:]\din file --certfile-/dir/file /certfile-[drive:]\dir\file 
/certfile-\\svAvoldir\file /certfile-\\svAsharename\dinfile 
Example:  /certfile-\ssl\gw.crt --certfile /certs/gw.crt /certfile-\ssl\gw.crt 
/certfile-server2\sys:\ssl\gw.crt /certfile-m:\ssl\gw.crt 
/certfile-\\server2\sys\ssl\gw.crt /certfile-\\server2\c\ssl\gw.crt 


See also /keyfile and /keypassword. 


44.4 Icyhi 


Sets the number of seconds in the scan cycle that the MTA uses to scan its priority 0-1 input queues. 
The default is 5 seconds. See Section 43.2.2, “Adjusting MTA Polling of Input Queues in the 
Domain, Post Offices, and Gateways,” on page 676. 


NetWare MTA Linux MTA Windows MTA 
Syntax: lcyhi-seconds --cyhi-seconds /cyhi-seconds 
Example: /cyhi-3 --cyhi 3 lcyhi-3 
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See also /cylo. 


44.5 /cylo 


Sets the number of seconds in the scan cycle that the MTA uses to scan its priority 2-7 input queues. 
The default is 15 seconds. See Section 43.2.2, “Adjusting MTA Polling of Input Queues in the 
Domain, Post Offices, and Gateways,” on page 676. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /cylo-seconds --cylo-seconds Icylo-seconds 
Example: /cylo-10 --cylo 10 lcylo-10 


See also /cyhi. 


44.6 /defaultroutingdomain 


Identifies the domain name in your Group Wise” system to which all MTAs should send messages 
when they cannot resolve the available routing information to a specific user.post office.domain 
Group Wise address. See Section 41.3.1, “Using Routing Domains,” on page 631. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /defaultroutingdomain- --defaultroutingdomain /defaultroutingdomain-domain 
domain domain 
Example /defaultroutingdomain- --defaultroutingdomain /defaultroutingdomain-inethub 
: inethub inethub 


44.7 Idn 


Specifies the Novell® eDirectory™ distinguished name of the NetWare MTA object to facilitate 
logging into remote servers and authenticating to eDirectory. It can be used instead of the /user and / 
password switches. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /dn-distinguished_name N/A N/A 
Example: /dn-MTA.provo2.GroupWise N/A N/A 


44.8 /fast0 


Causes the MTA to monitor and process the priority 0 and 1 subdirectories independently with 
separate scanner threads, rather than in sequence with the same scanner thread. See Section 43.2.3, 
“Adjusting the Number of MTA Scanner Threads for the Domain and Post Offices,” on page 678. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /fast0 --fastO /fastO 
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See also /fast4. 


44.9 /fast4 


Causes the MTA to monitor and process the priority 2 and 3 subdirectories with a separate scanner 
thread from the priority 4 through 7 subdirectories. See Section 43.2.3, “Adjusting the Number of 
MTA Scanner Threads for the Domain and Post Offices,” on page 678. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /fast4 --fast4 /fast4 


See also /fast0. 


44.10 /help 


Displays the MTA startup switch Help information. When this switch is used, the MTA does not 
start. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /help or /? --help or --? /help or /? 
Example: load gwmta.nim /help ./gwmta --help gwmta.exe /help 


44.11 /home 


Specifies the domain directory, where the MTA can access the domain database (wpdomain.db). 
There is no default location. You must use this switch in order to start the MTA 


NetWare MTA Linux MTA Windows MTA 
Syntax: /nome-[svn][vol:]\dir --home /dir /nome-[drive:]\dir 
/home-\\svrvohdir /home-\\svAsharename\dir 
Example: /home-\provo2 --home /gwsystem/provo2  /home-\provo2 
/home-mail:\provo2 /home-m:\provo2 
/home-server2\mail:\provo2 home-\\server2\c\mail\provo2 


/home-\\server2\mail\provo2 


44.12 /httppassword 


Specifies the password for the MTA to prompt for before allowing MTA status information to be 
displayed in your Web browser. Do not use an existing eDirectory password because the information 
passes over the insecure connection between your Web browser and the MTA. See Section 42.2, 
“Using the MTA Web Console,” on page 657. 
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NetWare MTA Linux MTA Windows MTA 


Syntax: /httppassword- --httppassword /httppassword- 

unique_password unique_password unique_password 
Exampl /httppassword-AgentWatch --httppassword AgentWatch  /httppassword-AgentWatch 
e: 


See also /httpuser, /httpport, /httprefresh, and /httpssl. 


44.13 /httpport 


Sets the HTTP port number used for the MTA to communicate with your Web browser. The default 
is 7180; the setting must be unique. See Section 42.2, “Using the MTA Web Console,” on page 657. 


NetWare MTA Linux MTA Windows MTA 
Syntax: Ihttpport-port number --httpport port number Ihttpport-port number 
Example: — /httpport-3801 --httpport 3802 /httpport-3803 


See also /httpuser, /httppassword, /httprefresh, and /httpssl. 


44.14 /httprefresh 


Specifies the rate at which the MTA refreshes the status information in your Web browser. The 
default is 60 seconds. See Section 42.2, “Using the MTA Web Console,” on page 657. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /nttprefresh-seconds --httprefresh seconds /httprefresh-seconds 
Example: /httprefresh-30 --httprefresh 90 /httprefresh-120 


See also /httpuser, /httppassword, /httpport, and /httpssl. 


44.15 /httpssl 


Enables secure SSL communication between the MTA and the MTA Web console displayed in your 
Web browser. See Section 41.2.3, “Securing the Domain with SSL Connections to the MTA,” on 
page 629. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /httpssl --httpssl /httpssl 


See also /certfile, /keyfile, and/keypassword. 
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44.16 /httpuser 


Specifies the username for the MTA to prompt for before allowing MTA status information to be 
displayed in your Web browser. Providing a username is optional. Do not use an existing eDirectory 
username because the information passes over the insecure connection between your Web browser 
and the MTA. See Section 42.2, “Using the MTA Web Console,” on page 657. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /httpuser-unique_name --httpuser unique_name /httpuser-unique_name 
Example: /httpuser-GWWebCon --httpuser GWWebCon /httpuser-GWWebCon 


See also /httppassword, /httpport, and /httprefresh. 


44.17 lip 


Binds the MTA to a specific IP address when the server where it runs uses multiple IP addresses. 
The specified IP address is associated with both ports used by the MTA (message transfer and 
HTTP) Without the /ip switch, the MTA binds to all available IP addresses. See Section 41.1.5, 
“Binding the MTA to a Specific IP Address,” on page 625. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /ip-/P_address --ip IP. address lip-IP. address 
lip-"full DNS name” --ip “full DNS name” lip-"full DNS name” 
Example /ip-172.16.5.18 --ip 172.16.5.18 lip-172.16.5.18 
/ip-’mtasvr.provo.novell.com”  --ip “mtasvr.provo.novell.com” /ip-’mtasvr.provo.novell.com” 


44.18 /keyfile 


Specifies the full path to the private file used to provide secure SSL communication between the 
MTA and other programs. See Section 41.2.3, “Securing the Domain with SSL Connections to the 
MTA,” on page 629. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /keyfile-[svA][vol:]\dir\file --keyfile /dir/file /keyfile-[drive:]\din\file 
/keyfile-\\svAvoldinfile /keyfile-\\svAsharename\dinfile 
Example: /keyfile-\ssl\gw.key --keyfile /ssl/gw.key  /keyfile-\ssl\gw.key 
/keyfile-server2\sys:\ssl\gw.key /keyfile-m:\ssl\gw.key 
/keyfile-\\server2\sys\ssl\gw.key /keyfile-\\server2\c\ssl\gw.key 


See also /certfile and /keypassword. 


44.19 /keypassword 


Specifies the password used to encrypt the private SSL key file when it was created. See 
Section 41.2.3, “Securing the Domain with SSL Connections to the MTA,” on page 629. 
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NetWare MTA Linux MTA Windows MTA 


Syntax: /keypassword-password --keypassword password /keypassword-password 


Example: /keypassword-gwssl --keypassword gwssl /keypassword-gwssl 


See also /certfile and /keyfile. 


44.20 /language 


Specifies the language to run the MTA in, using a two-letter language code as listed below. You 
must install the MTA in the selected language in order for the MTA to display in the selected 
language. 


The initial default is the language used in the domain. If that language has not been installed, the 
next default is the language used by the operating system. If that language has not been installed, the 
final default is English. You only need to use this switch if you need to override these defaults. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /language-code --language code /language-code 
Example:  /language-es --language de /anguage-fr 


The table below lists the valid language codes. Contact your local Novell sales office for 
information about language availability. 


Language oe Language ae 
Arabic AR Hungarian MA 
Chinese-Simplified CS Italian IT 
Chinese-Traditional CT Japanese NI 
Czechoslovakian CZ Korean KR 
Danish DK Norwegian NO 
Dutch NL Polish PL 
English-United States US Portuguese-Brazil BR 
Finnish SU Russian RU 
French-France FR Spanish ES 
German-Germany DE Swedish SV 
Hebrew HE 


For more information, see Chapter 7, “Multilingual GroupWise Systems,” on page 105. 
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44.21 /liveremote 


Turns on re-direction of Remote client requests and provides the TCP port on which the MTA listens 
for Remote client requests. See Section 41.2.2, “Enabling Live Remote,” on page 629. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /liveremote-port_number /liveremote-port_number /liveremote-port_ number 
Example: /liveremote-7111 /liveremote-7112 /liveremote-7112 


See also /Irconn and /lrwaitdata. 


44.22 llog 


Specifies the directory where the MTA will store its log files. The default location varies by 
platform. 


NetWare: mslocal subdirectory in the directory specified by the /work switch 
Linux: /var/log/novell/groupwise/domain_name.mta 
Windows: mslocal subdirectory in the directory specified by the /work switch 


For more information, see Section 42.3, “Using MTA Log Files,” on page 665. 


NetWare MTA Linux MTA Windows MTA 
Syntax: Nog-[svA][vol:]\dir --log /dir log-[drive:]\dir 
1log-MsvnAvohdir log-\\svñsharename\dir 
Example:  /log-\agt\log --log /gwsystem/logs /log-\agt\log 
/log-server2\mail:\agt\log /log-m:\agt\log 
/log-\\server2\mail\agt\log /log-\\server2\c\mail\agt\log 


Typically you would find multiple log files in the specified directory. The first 4 characters represent 
the date. The next 3 characters identify the agent. A three-digit extension allows for multiple log 
files created on the same day. For example, a log file named 0518mta.001 would indicate that it 
is an MTA log file, created on May 18. If you restarted the MTA on the same day, a new log file 
would be started, named 051 8mta.002. 


See also /loglevel, /logdiskoff, /logdays, and /logmax. 


44.23 /logdays 


Sets the number of days you want MTA log files to remain on disk before being automatically 
deleted. The default log file age is 7 days. See Section 42.3, “Using MTA Log Files,” on page 665. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /logdays-days --logdays days /logdays-days 


Using MTA Startup Switches 


691 


NetWare MTA Linux MTA Windows MTA 


Example: — /logdays-5 --logdays 10 /logdays-14 


See also /log, /loglevel, /logdiskoff, and /logmax. 


44.24 Jlogdiskoff 


Turns off disk logging for the MTA so no information about the functioning of the MTA is stored on 
disk. The default is for logging to be turned on. See Section 42.3, “Using MTA Log Files,” on 
page 665. 


NetWare MTA Linux MTA Windows MTA 


Syntax: Nogdiskoff --logdiskoff Nogdiskoff 


See also /loglevel. 


44.25 /loglevel 


Controls the amount of information logged by the MTA. Logged information is displayed in the log 
message box and written to the MTA log file during the current agent session. The default is 
Normal, which displays only the essential information suitable for a smoothly running MTA. Use 
Verbose to display the essential information, plus additional information helpful for troubleshooting. 
Verbose logging does not degrade MTA performance, but log files saved to disk consume more disk 
space when verbose logging is in use. See Section 42.3, “Using MTA Log Files,” on page 665. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /loglevel-level --loglevel level /loglevel-level 
Example:  /loglevel-verbose --loglevel verbose /loglevel-verbose 


See also /log, /logdiskoff, /logdays, and /logmax. 


44.26 /logmax 


Sets the maximum amount of disk space for all MTA log files. When the specified disk space is 
consumed, the MTA deletes existing log files, starting with the oldest. The default is 65536 KB of 
disk space for all MTA log files. See Section 42.3, “Using MTA Log Files,” on page 665. 


NetWare MTA Linux MTA Windows MTA 
Syntax: Ilogmax-kilobytes --logmax kilobytes Ilogmax-kilobytes 
Example:  /logmax-32000 --logmax 130000 /logmax-160000 


See also /log, /loglevel, /logdiskoff, and /logdays. 
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44.27 Ilrconn 


Specifies the maximum number of simultaneously connected Remote client users the MTA can 
accept. The default is 25. See Section 41.2.2, “Enabling Live Remote,” on page 629. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /Irconn-number --Irconn number /Irconn-number 
Example: /Irconn-50 --Irconn 75 /Irconn-100 


See also /liveremote and /lrwaitdata. 


44.28 Ilrwaitdata 


Specifies the number of seconds you want the MTA to wait for a response from the PO before 
timing out for users in Remote mode. The default is 5 minutes. See Section 41.2.2, “Enabling Live 
Remote,” on page 629. 


NetWare MTA Linux MTA Windows MTA 
Syntax: Iirwaitdata-number --Irwaitdata number irwaitdata-number 
Example: /Irwaitdata-7 --Irwaitdata-10 Iirwaitdata-12 


See also /liveremote and /lrconn. 


44.29 /maxidlerouters 


Specifies the maximum number of'idle router threads the MTA can keep running. The default is 16; 
valid values range from 1 to 16. See Section 43.3, “Optimizing the Routing Oueue,” on page 680. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /maxidlerouters-threads --maxidlerouters threads /maxidlerouters-threads 
Example: /maxidlerouters-5 --maxidlerouters 10 /maxidlerouters-12 


See also /maxrouters. 


44.30 /maxrouters 


Specifies the maximum number of router threads the MTA can start. The default is 16; valid values 
range from 1 to 16. See Section 43.3, “Optimizing the Routing Queue,” on page 680. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /maxrouters-threads --maxrouters threads /maxrouters-threads 
Example: /maxrouters-10 --maxrouters 12 /maxrouters-14 
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See also /maxidlerouters. 


44.31 /messagelogdays 


Sets the number of days you want MTA message log files to remain on disk before being 
automatically deleted. The default is 7 days. See Section 41.4.2, “Enabling MTA Message 
Logging,” on page 643. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /messagelogdays-days --messagelogdays days /messagelogdays-days 
Example: /messagelogdays-5 --messagelogdays 10 /messagelogdays-14 


See also /messagelogsettings, /messagelogpath, and /messagelogmaxsize. 


44.32 Imessagelogmaxsize 


Sets the maximum size for MTA message log files. The default is 65536 KB. See Section 41.4.2, 
“Enabling MTA Message Logging,” on page 643. 


NetWare MTA Linux MTA Windows MTA 

Syntax: /messagelogmaxsize- --messagelogmaxsize /messagelogmaxsize-kilobytes 
kilobytes kilobytes 

Example /messagelogmaxsize-32000 --messagelogmaxsize /messagelogmaxsize-160000 

: 130000 


See also /messagelogsettings, /messagelogpath, and /messagelogdays. 


44.33 /messagelogpath 


Specifies the directory for the MTA message log. The default location is mloscal\msglog. See 
Section 41.4.2, “Enabling MTA Message Logging,” on page 643. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /messagelogpath-[svñAl[vol:]\dir --messagelogpath /dir /messagelogpath-[drive:]\dir 
/messagelogpath-\\svr\voldir /messagelogpath- 
\\svAsharename\dir 
Example /messagelogpath-\mta\log --messagelogpath /gwsys/ /messagelogpath-\mta\log 
/messagelogpath- logs 
svr2\mail:\mta\log /messagelogpath-m:\mta\log 
/messagelogpath- /messagelogpath- 
\\svr2\mail\mta\log \\svr2\c\mail\mta\log 


See also /messagelogsettings, /messagelogdays, and /messagelogmaxsize. 
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44.34 /messagelogsettings 


Enables MTA message logging. See Section 41.4.2, “Enabling MTA Message Logging,” on 
page 643. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /messagelogsettings-codes --messagelogsettings codes /messagelogsettings-codes 


Example: /messagelogsettings-e --messagelogsettings e /messagelogsettings-e 
See also /messagelogpath, /messagelogdays, and /messagelogmaxsize. 


44.35 /msgtranssl 


Enables secure SSL communication between the MTA and the POAs in its domain. See 
Section 41.2.3, “Securing the Domain with SSL Connections to the MTA,” on page 629. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /msgtranssl --msgtranssl /msgtranssl 
See also /certfile, /keyfile, and /keypassword. 


44.36 /noada 


Disables the MTA admin thread. For an explanation of the MTA admin thread, see “MTA Admin 
Thread Status Box” on page 648. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /noada --noada /noada 


Historical Note: In GroupWise 5.2 and earlier, a separate agent, the Administration Agent (ADA), 
handled the functions now consolidated into the MTA admin thread. Hence the switch name, /noada. 


44.37 /nodns 


Disables DNS lookups for the MTA. See “Using Dynamic Internet Links” in “Connecting to 
Group Wise 5.x, 6.x, and 7.x Systems” in the GroupWise 7 Multi-System Administration Guide. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /nodns --nodns /nodns 


44.38 /noerrormail 


Prevents error files from being sent to the GroupWise administrator. The default is for error mail to 
be sent to the administrator. See Section 42.7, “Notifying the Domain Administrator,” on page 671. 
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NetWare MTA Linux MTA Windows MTA 


Syntax: /noerrormail --noerrormail /noerrormail 


44.39 /nondssync 


Disables eDirectory user synchronization. See Section 41.4.1, “Using eDirectory User 
Synchronization,” on page 638. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /nondssync --nondssync N/A 


44.40 /norecover 


Disables automatic database recovery. The default is for automatic database recovery to be turned 
on. If the MTA detects a problem with the domain database (wpdomain. db) when automatic 
database recovery has been turned off, the MTA will notify the administrator, but it will not recover 
the problem database. See Chapter 26, “Maintaining Domain and Post Office Databases,” on 

page 377. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /norecover --norecover /norecover 


44.41 /nosnmp 


Disables SNMP for the MTA. The default is to have SNMP enabled. See Section 42.6, “Using an 
SNMP Management Console,” on page 667. 


NetWare MTA Linux MTA Windows MTA 


Syntax: /nosnmp --nosnmp /nosnmp 


44.42 Ipassword 


Provides the password for the NetWare MTA to use when accessing domains and post offices on 
remote servers 


NetWare MTA Linux MTA Windows MTA 
Syntax: /password-NetWare_password N/A N/A 
Example: /password-GWise N/A N/A 


See also /user and /dn. 
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44.43 --show 


Starts the Linux MTA with a server console interface similar to that provided for the NetWare and 
Windows MTAs. This user interface requires that the X Window System and Open Motif be running 
on the Linux server. 


The --show switch cannot be used in the MTA startup file. Therefore, the MTA never runs with a 
user interface if it is started automatically whenever the server restarts. 
NetWare MTA Linux MTA Windows MTA 


Syntax: N/A --show N/A 


44.44 /tcpinbound 


Sets the maximum number of inbound TCP/IP connections for the MTA. The default is 40. There is 
no maximum number of outbound connections. The only limit on the MTA for outbound 
connections is available resources. See Section 43.1.1, “Adjusting the Number of MTA TCP/IP 
Connections,” on page 675. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /tcpinbound-number --tcpinbound number /tcpinbound-number 
Example:  /tcpinbound-50 --tcpinbound 60 /tcpinbound-70 


44.45 /tcpport 


Sets the TCP port number on which the MTA listens for incoming messages. The default is 7100. 
See “Using TCP/IP Links between Domains” on page 618. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /tcpport-port_number --tcpport port_number /tcpport-port_number 
Example:  /tcpport-7200 --tcpport 7200 /tcpport-7200 


44.46 /tcpwaitconnect 


Sets the maximum number of seconds the MTA waits for a connection to another MTA. The default 
is 5. See Section 43.1.2, “Adjusting the MTA Wait Intervals for Slow TCP/IP Connections,” on 
page 676. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /tcpwaitconnect-seconds --tcpwaitconnect seconds  /tcpwaitconnect-seconds 
Example: /tcpwaitconnect-10 --tcpwaitconnect 10 /tcpwaitconnect-10 


See also /tcpwaitdata. 
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44.47 Itcpwaitdata 


Sets the maximum number of seconds the MTA attempts to send data over a TCP/IP connection to 
another MTA. The default is 20. See Section 43.1.2, “Adjusting the MTA Wait Intervals for Slow 
TCP/IP Connections,” on page 676. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /tcpwaitdata-seconds --tcpwaitdata seconds /tcpwaitdata-seconds 
Example: /tcpwaitdata-30 --tcpwaitdata 30 /tcpwaitdata-30 


See also /tcpwaitconnect. 


44.48 /tracelogin 


Displays NetWare MTA login messages on the NetWare server console to help determine problems 
the MTA is having when logging in to a remote server. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /tracelogin-code N/A N/A 
Example: — /tracelogin-1 N/A N/A 


Code Description 


1 Display login problems 
2 Display all login messages 


44.49 /user 


Provides the NetWare user ID for the NetWare MTA to use when accessing domains and post offices 
on remote servers. See “Creating a NetWare Account for Agent Access (Optional)” in the 
GroupWise 7 Installation Guide. 


NetWare MTA Linux MTA Windows MTA 
Syntax: luser-NetWare user ID N/A N/A 
Example:  /user-GWAgents N/A N/A 


See also /password and /dn. 


44.50 /vsnoadm 


Prevents GroupWise administration messages from being processed by an integrated virus scanner. 
Because administration messages are created within your GroupWise system, they are not likely to 
contain viruses. In a GroupWise system with a large amount of administrative activity (adding users, 
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deleting users, etc.), skipping the virus scanning of administrative messages can speed up processing 
of users’ e-mail messages. 
NetWare MTA Linux MTA Windows MTA 


Syntax: /vsnoadm --vsnoadm /vsnoadm 


44.51 /work 


Specifies the directory where the MTA creates its local working directory (msloca1). The default 
is the domain directory. However, if the domain is located on a different server from where the MTA 
will run, use a local directory so the MTA cannot lose its connection to its mslocal directory. 


NetWare MTA Linux MTA Windows MTA 
Syntax: /work-[svaA][vol:]\dir --work /dir /work-[drive:]\dir 
/work-\\svr\voldir /work-\\svrAsharename\dir 
Example: /work-\gwmta --work /gwmta /work-\gwmta 
/work-mail:gwmta /work-m:\gwmta 
/work-server2\mail:\gwmta work-\\server2\c\mail\gwmta 


/work-\\server2\mail\gwmta 
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Internet Agent 


+ Chapter 45, “Configuring Internet Addressing,” on page 703 
+ Chapter 46, “Configuring Internet Services,” on page 717 

+ Chapter 47, “Managing Internet Access,” on page 747 

+ Chapter 48, “Configuring the Internet Agent,” on page 769 
+ Chapter 49, “Monitoring the Internet Agent,” on page 775 

+ Chapter 50, “Optimizing the Internet Agent,” on page 799 


+ Chapter 51, “Connecting GroupWise Systems and Domains Using the Internet Agent,” on 
page 805 


+ Chapter 52, “Using Internet Agent Startup Switches,” on page 813 
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Configuring Internet Addressing 


By default, Group Wise? uses a proprietary address format consisting of a user's ID, post office, and 
domain (userID post office.domain). However, when you install the GroupWise Internet Agent, 
Group Wise also supports native Internet-style addressing consisting of a username and Internet 
domain name (for example, userID(dInternet domain name). 


Internet-style addressing is the preferred addressing format if you are connected to the Internet, 
because with Internet-style addressing, users have the same address within the Group Wise system as 
they do outside the Group Wise system. For example, if John Smith’s address at Novell? is 
jsmith@novell.com, this address can be used by users within the Group Wise system and users 
external to the system. 


To set up Internet addressing, you do the following: 
¢ Define Internet domain names for your GroupWise system. You can have one or more domain 
names (for example, novell.com, gw.novell.com, and support.novell.com). 


+ Set up the default Internet address format for use when displaying user addresses in the 
GroupWise Address Book and sent messages. There are six formats that can be assigned at the 
system, domain, post office, or user level. In addition, there is a free-form format that can be 
used at the user level. 


+ Designate the address formats that can be used to address messages to your Group Wise users. 
There are five possible formats to choose from. You can allow all five formats, or only one. 


+ Specify the default Internet Agent to be used when sending messages from your Group Wise 
system to the Internet. This becomes your system’s default Internet Agent for outbound 
messages sent from all domains; however, if you have multiple Internet Agents, you can 
override this setting by assigning Internet Agents at the domain level. 


The following sections help you plan and set up Internet addressing: 


+ Section 45.1, “Planning Internet Addressing,” on page 703 
+ Section 45.2, “Setting Up Internet Addressing,” on page 708 


+ Section 45.3, “Transitioning from SMTP Gateway Aliases to Internet Addressing,” on 
page 713 


45.1 Planning Internet Addressing 


The following sections help you prepare to set up Internet-style addressing for your Group Wise 
system: 

+ Section 45.1.1, “Internet Agent Requirement,” on page 704 

+ Section 45.1.2, “Internet Agents Used for Outbound Messages,” on page 704 

+ Section 45.1.3, “Internet Domain Names,” on page 704 

+ Section 45.1.4, “Preferred Address Format,” on page 704 

+ Section 45.1.5, “Allowed Address Formats,” on page 707 

+ Section 45.1.6, “Override Options,” on page 707 
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45.1.1 Internet Agent Requirement 


Internet addressing requires you to have the GroupWise Internet Agent installed in your Group Wise 
system. The Internet Agent connects your GroupWise system to the Internet. To install the Internet 
Agent, see “Installing the GroupWise Internet Agent” in the GroupWise 7 Installation Guide. 


45.1.2 Internet Agents Used for Outbound Messages 


Each domain in your Group Wise system must be assigned an Internet Agent for outbound messages. 
A domain’s assigned Internet Agent handles all outbound messages sent by the domain’s users. 


If your GroupWise system includes only one Internet Agent, that Internet Agent must be assigned to 
all domains and is used for all outbound messages. 


If your GroupWise system includes multiple Internet Agents, you must decide which Internet Agent 
you want to be responsible for outbound messages for each domain. You must select one Internet 
Agent as your system’s default Internet Agent, but you can override the default at each domain. 


45.1.3 Internet Domain Names 


You must associate at least one Internet domain (novell.com, gw.novell.com, support.novell.com, or 
so forth) with your GroupWise system. These Internet domains need to exist in the domain name 
service (DNS). 


After you have associated Internet domains with your GroupWise system, all users in your system 
can be addressed using any of the domains (for example, jsmith@novell.com, 
jsmith@gw.novell.com, and jsmith@support.novell.com). The addresses can be used both internally 
and externally. 


Preferred Internet Domain Name 


You must assign each GroupWise user a preferred Internet domain. Group Wise uses the preferred 
Internet domain name when constructing the e-mail address that are displayed in the GroupWise 
Address Book and in the To field of sent messages. 


To make this process easier, Group Wise lets you assign a preferred Internet domain to be used as the 
default for your GroupWise system (for example, novell.com). The system’s preferred Internet 
domain is applied to all users in your Group Wise system. However, you can override the system’s 
preferred Internet domain at the domain, post office, or user level, meaning that different users 
within your GroupWise system can be assigned different preferred Internet domains. For example, 
users in one domain can be assigned gw.novell.com as their preferred Internet domain while users in 
another domain are assigned support.novell.com. 


45.1.4 Preferred Address Format 


You must choose a preferred address format for your GroupWise users. Group Wise uses the 
preferred address format, along with the preferred Internet domain, to construct the e-mail addresses 
that are published in the GroupWise Address Book and in the To field of sent messages. 


GroupWise supports the following address formats: 


userID.post_office.domain@internet_domain_name 
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userID.post_office@internet_domain_name 
user[D@internet_domain_name 

firstname.lastname@internet_domain_name 
lastname.firstname@internet domain name 
firstinital lastname@internet domain name 


As with the preferred Internet domain, you must assign a preferred address format to be used as the 
default for your GroupWise system. The system’s preferred address format is applied to all users in 
your GroupWise system. However, you can override the system’s preferred address format at the 
domain, post office, and user/resource level. 


The following sections explain some of the advantages and disadvantages of each address format: 


+ “userID.post_office.domain@internet_domain_name” on page 705 
+ “userlD.post office@internet domain name” on page 705 

+ “userlD(dinternet domain name” on page 705 

+ ‘“firstname.lastname(@internet domain name” on page 706 

+ ‘“lastname.firstname(@internet domain name” on page 706 


+ “firstinitial lastname(@internet domain name” on page 706 
userliD.post office.domaindinternet domain name 


Advantages 
¢ Reliable format. GroupWise guarantees that each address is unique. 
¢ Identical usernames can be used in different post offices. 
Disadvantages 
+ Addresses tend to be long and hard to remember. 
+ Addresses might change over time as users are moved from one post office to another. 


userlD.post office(Dinternet domain name 


Advantages 


+ Guarantees uniqueness if all your post offices have unique names. 


¢ Identical usernames can be placed in different post offices. 


Disadvantages 


+ Addresses tend to be long and hard to remember. 


+ Addresses might change over time as users are moved from one post office to another. 
userlD@internet_domain_name 


Advantages 


+ Addresses are short and easy to remember. 
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+ Backwards-compatible with previous versions of GroupWise. (Users won't need to update their 
business cards.) 


+ Addresses do not change as users are moved. 


Disadvantages 


+ When you first enable this address format, you might have duplicate user IDs in your 
GroupWise system. However, in the future, ConsoleOne® prevents you from creating duplicate 
user IDs within the same Internet domain name. The same user ID can be used in different 
Internet domains without problem. 


firstname.lastname@internet_domain_name 


Advantages 


+ Addresses are intuitive and easy to remember. 


+ Addresses do not change as users are moved. 


Disadvantages 


+ When you first enable this address format, you might have duplicate first and last names in 
your Group Wise system. However, in the future, ConsoleOne prevents you from creating users 
with the same first and last names within the same Internet domain name. The same first name 
and last name combination can be used in different Internet domains without problem. 


¢ The probability of conflicts increases if any user’s first and last names match any GroupWise 
domain or post office name, if any two users have the same first and last names, or if any two 
users have the opposite first and last names (such as James Dean and Dean James). 


lastname.firstname@internet_domain_name 


Advantages 


+ Addresses are intuitive and easy to remember. 


+ Addresses do not change as users are moved. 


Disadvantages 


+ When you first enable this address format, you might have duplicate first and last names in 
your GroupWise system. However, in the future, ConsoleOne prevents you from creating users 
with the same first and last names within the same Internet domain name. The same last name 
and first name combination can be used in different Internet domains without a problem. 


+ The probability of conflicts increases if any user’s first and last names match any GroupWise 
domain or post office name, if any two users have the same first and last names, or if any two 
users have the opposite first and last names (such as James Dean and Dean James). 


firstinitial lastnameGinternet domain name 


Advantages 


+ Addresses are intuitive and easy to remember. 
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+ Addresses do not change as users are moved. 


Disadvantages 


+ When you first enable this address format, you might have duplicate first initial and last names 
in your Group Wise system. However, in the future, ConsoleOne prevents you from creating 
users with the same first initials and last names within the same Internet domain name. The 
same first initial and last name combination can be used in different Internet domains without 
problem 


¢ The probability of conflicts increases when using first initials instead of complete first names. 


45.1.5 Allowed Address Formats 


The preferred Internet domain and preferred address format apply to user addresses as displayed in 
the GroupWise Address Book or in the address displayed on sent messages. 


The allowed address formats, on the other hand, determine which address formats are accepted by 
the Internet Agent. There are five possible allowed formats: 


userID.post_office@internet_domain_name 
user[D@internet_domain_name 

firstname.lastname@internet_domain_name 
lastname.firstname@internet domain name 
firstinital lastname@internet domain name 


If you select all five formats, the Internet Agent accepts messages addressed to users in any of the 
formats. For example, John Peterson would receive messages sent using any of the following 
addresses: 


jpeterson.research@novell.com 
jpeterson@novell.com 
john.peterson@novell.com 
peterson.john@novell.com 
jpeterson@novell.com 


You must designate the allowed address formats to be used as the default formats for your 

Group Wise system. The system’s allowed address formats are applied to all users in your 

Group Wise system. However, you can override the system’s allowed address formats at the domain, 
post office, and user/resource level. 


For example, assume you have two John Petersons with userIDs of jpeterson and japeterson. The 
userID.post_office and userID address formats do not cause message delivery problems, but the 
firstname.lastname, lastname firstname, and firstinitial lastname address formats do. To overcome 
this problem, you could disallow the three problem formats for these users at the user level. 


45.1.6 Override Options 


In spite of the best planning, some e-mail addresses do not fit the rules and are not processed 
correctly. You can handle such addresses by overriding the regular address processing, as described 
in Section 45.2.3, “Overriding Internet Addressing Defaults,” on page 710. 
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45.2 Setting Up Internet Addressing 


The following sections help you to set up Internet addressing: 
+ Section 45.2.1, “Installing the Internet Agent,” on page 708 
+ Section 45.2.2, “Enabling Internet Addressing,” on page 708 
+ Section 45.2.3, “Overriding Internet Addressing Defaults,” on page 710 


45.2.1 Installing the Internet Agent 


Before you can set up Internet addressing, you must install the Group Wise Internet Agent. If you 
have not already installed the agent, see “Installing the GroupWise Internet Agent” in the 
Group Wise 7 Installation Guide. 


45.2.2 Enabling Internet Addressing 


1 In ConsoleOne, click Tools > Group Wise System Operations > Internet Addressing. 


Internet Addressing 


Preferred Address format: 





UserD@internet domain name 

1 Enable "First Initial Last Name" matching for incoming mail 
Allowed Address Formats 

[V UserlD Post Office@Internet domain name 

IV UserlD@Internet domain name 

[V Last Name First Name@internet domain name 


[V First Name Last Name@internet domain name 





[ First Initial Last Name@internet domain name 


Internet Domain Names 








Internet Agent for outbound SMTP/MIME messages: 
Provo1.GWMA lad 








Note: You must choose a default Internet Agent before you can define Internet 
Domain names. 





2 Inthe /nternet Agent for Outbound SMTP/MIME Messages list, select the Internet Agent to use 
as the default Internet Agent for your system. 


By default, each domain uses this Internet Agent for outbound messages sent by users in the 
domain. If you have multiple Internet Agents in your GroupWise system, you can override the 
default setting at the domain level. For more information, see “Domain Overrides” on 

page 710. 


3 Todefine an Internet domain, click Create to display the Internet Domain Name dialog box. 
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Internet domain name: 


Internet Domain Name: 


Description: 











4 Specify the Internet domain you want to define in your GroupWise system, then click OK to 
add it to the list of Internet domains. 


5 Repeat Step 3 and Step 4 for each Internet domain you want to define. 
When you finish, all Internet domains you want to define should be listed in the Internet 


Domain Names box. 


Internet Addressing 


Preferred Address format: 
|UserIb@Internet domain name 





T” Enable "First Initial Last Name" matching for incoming mail 


Allowed Address Formats 
IV UserID Post Office@Internet domain name 
IV UserD@internet domain name 
IV Last Name First Name@internet domain name 
IV First Name Last Name@internet domain name 


I First Initial Last Name@internet domain name 


Internet Domain Names 





YW novell.com 


gw .novell.com 





Internet Agent for outbound SMTP/MIME messages: 
Provot GWA =] 





Note: You must choose a default Internet Agent before you can define Internet 
Domain names. 





The preferred Internet domain is indicated by a check mark. This is the Internet domain name 
that is used when GroupWise constructs a user’s preferred e-mail address. A preferred e-mail 
address is the address that is published in the GroupWise Address Book and in the To field of 
sent messages. You can override the preferred Internet domain name at the domain, post office, 
and user/resource levels. For more information, see Section 45.2.3, “Overriding Internet 
Addressing Defaults,” on page 710. 


6 Ifthe Internet domain you want to be the default preferred domain for your GroupWise system 
is not already selected, select the desired Internet domain, then click Set Preferred Name. 


7 Inthe Preferred Address Format list, select your system’s default Internet address format. 


This is the format that is used when displaying addresses in the GroupWise Address Book and 
in a message’s From field if it is not overridden at a lower level. For a list of the available 
addressing formats and their respective advantages and disadvantages, see Section 45.1.4, 
“Preferred Address Format,” on page 704. 


You can override the preferred address format at the domain, post office, and user/resource 
levels. For more information, see Section 45.2.3, “Overriding Internet Addressing Defaults,” 
on page 710. 
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8 If desired, turn on the Enable "First Initial Last Name" Matching for Incoming Mail option. 


This option allows the Internet Agent to resolve addresses for incoming messages by 
performing first initial last name lookups on the username portion of the address. When doing 
so, the Internet Agent uses the first letter of the username as the first initial and the remainder 
of the username as the last name. It then resolves the address to any GroupWise users whose 
Last Name field (in their eDirectory User object properties) contains the last name and whose 
Given Name field starts with the first initial. 


For example, if the recipient’s address is jpeterson@novell.com, the first initial would be J and 
the last name would be Peterson. The address would resolve to the user whose Last Name field 
is Peterson and Given Name field starts with J. If more than one user’s given name starts with J 
(for example, John and Janice), the message is undeliverable. 


This option is useful if you want to be able to use the User[D@Internet_domain_name format 
but your userIDs do not really reflect your users’ actual names (for example, John Peterson’s 
user ID is 46789 so his address is 46789@novell.com). In this case, you could publish users’ 
addresses as the first initial last name (for example, jpeterson@novell.com) and enable this 
option so that the Internet Agent resolves the addresses to the appropriate users. 


9 Inthe Allowed Address Formats list, select the address formats that you want to be supported 
for incoming messages. GroupWise delivers a message to the recipient if any of the allowed 
formats have been used in the address. 


You can override the allowed address formats at the domain, post office, and user/resource 
levels. For more information, see Section 45.2.3, “Overriding Internet Addressing Defaults,” 
on page 710. 


10 Click OK to save your changes. 


If you changed the preferred address format, you are prompted to update the Internet e-mail 
address (User object > General > Identification > E-Mail Address) for all affected users. The 
Internet e-mail address is the address returned in response to LDAP queries to eDirectory™. It 
is recommended that you allow this update; however, performing it for the entire GroupWise 
system might take a while. 


At this point, Internet addressing is enabled. 


45.2.3 Overriding Internet Addressing Defaults 


All domains, post offices, and users/resources in your GroupWise system inherit the defaults 
(Internet Agent for outbound messages, preferred Internet domain name, preferred address format, 
and allowed address formats) you established when enabling Internet addressing for your system. 
However, if desired, you can override these defaults for individual domains, post offices, or users/ 
resources. 

+ “Domain Overrides” on page 710 

+ “Post Office Overrides” on page 711 


+ “User/Resource Overrides” on page 712 


Domain Overrides 


At the domain level, you can override all Internet addressing defaults assigned to your GroupWise 
system. 


1 In ConsoleOne, right-click a Domain object, then click Properties. 
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2 Click GroupWise > Internet Addressing. 


Properties of Provoi 


NDS Rights + | Other | Rights to Files and Folders | 


Override Preferred Address format: 


Defined at: Corporate Mail 





Allowed Address Formats 





Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
T For incoming mail, recipients are known exclusively by this Internet domain name 


Internet Agent for outbound SMTP/MIME messages: 


Defined at: Corporate Mail 


Alternate Internet Agent for outbound SMTP/MIME messages: 


<None> hé 


Page Options... | Cancel | 








3 To override one of the options, select the Override box, then select the option you prefer for 
this domain. 


4 Click OK to save the changes. 


If you changed the preferred address format, you are prompted to update the Internet e-mail 
address (User object > General > Identification > E-Mail Address) for all affected users. The 
Internet e-mail address is the address returned in response to LDAP queries to eDirectory. We 
recommend that you allow this update; however, performing it for an entire GroupWise domain 
might take a while. 


Post Office Overrides 


At the post office level, you can override the preferred Internet domain name, preferred address 
format, and allowed address formats the post office has inherited from its domain. You cannot 
override the Internet Agent that is assigned to handle outbound messages. 


1 In ConsoleOne, right-click a Post Office object, then click Properties. 
2 Click GroupWise > Internet Addressing. 
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Properties of Development 


Override | Preferred Address format: 


Defined at: Corporate Mail 


Allowed Address Formats 





Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
I For incoming mail, recipients are known exclusively by this Internet domain name 


Page Options... Cancel | 








3 To override one of the options, select the Override box, then select the option you prefer for 
this post office. 


If you need additional information about any of the fields, click Help. 
4 Click OK to save the changes. 


If you changed the preferred address format, you are prompted to update the Internet e-mail 
address (User object > General > Identification > E-Mail Address) for all affected users. The 
Internet e-mail address is the address returned in response to LDAP queries to eDirectory. We 
recommend that you allow this update; however, performing it for an entire Group Wise post 
office might take a while. 


User/Resource Overrides 


At the user and resource level, you can override the preferred Internet domain, preferred address 
format, and allowed address formats that the user/resource has inherited from its post office. You 
cannot override the Internet Agent that is assigned to handle outbound messages. 


1 In ConsoleOne, right-click a User or Resource object, then click Properties. 


2 Click GroupWise > Internet Addressing. 
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Properties of bgelsomino 


General 


Override | Preferred Address format: 


r 





Preferred EMail ID: 
@internet domain name 
Defined at: Corporate Mail 


Allowed Address Formats 





Defined at: Corporate Mail 


Internet domain name: 





Defined at: Corporate Mail 
I~ For incoming mail, recipients are known exclusively by this Internet domain name 





Page Options... | Cancel | 





3 To override one of the options, select the Override box, then select the option you prefer for 
this user or resource. 


At the user and resource level, the preferred address format can be completely overridden by 
explicitly defining the user portion of the address format (user@Internet domain name). The 
user portion can include any RFC-compliant characters (no spaces, commas, and so forth). 


For example, if you’ve selected First Name.Last Name@Internet domain name as your 
system’s preferred address format and you have two John Petersons, each on a different post 
office in your system, you would end up two users having the same address 
(John.Peterson@novell.com). You could use this field to differentiate them by including their 
middle initials in their address (John.S.Peterson@novell.com and 
John.A.Peterson@novell.com). 


You can use the same e-mail ID for more than one user in your GroupWise system, if each user 
is in a different Internet domain. Rather than requiring that each e-mail ID be unique in your 
GroupWise system, each combination of e-mail ID and Internet domain must be unique. This 
provides more flexibility for handling the situation where two people have the same name. 


If you need additional information about any of the fields, click Help. 
4 Click OK to save the changes. 


If you changed the preferred address format for a user, you are prompted to update the user’s 
Internet e-mail address (General > Identification > E-Mail Address). The Internet e-mail 
address is the address returned in response to LDAP queries to eDirectory. We recommend that 
you allow this update. 


45.3 Transitioning from SMTP Gateway Aliases 
to Internet Addressing 


For those who have been using SMTP gateway aliases to handle e-mail addresses that do not fit the 
default format expected by the Internet Agent or to customize users’ Internet addresses, the Gateway 
Alias Migration utility can convert the usernames in those gateway aliases into preferred e-mail IDs. 
The Preferred E-Mail ID feature was first introduced in GroupWise 6.5 and is the suggested method 
for overriding the current e-mail address format, as described in Section 14.7.2, “Changing a User’s 
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Internet Addressing Settings,” on page 236. The Gateway Alias Migration utility can also update 
users’ preferred Internet domain names based on their existing gateway aliases. 

+ Section 45.3.1, “Planning to Migrate Gateway Aliases,” on page 714 

+ Section 45.3.2, “Preparing to Migrate Gateway Aliases,” on page 714 

+ Section 45.3.3, “Performing the Gateway Alias Migration,” on page 714 

+ Section 45.3.4, “Verifying the Gateway Alias Migration,” on page 716 


45.3.1 Planning to Migrate Gateway Aliases 


You can migrate SMTP gateway aliases by individual user, by post office, by domain, or for your 
entire GroupWise system. Migrating at the post office level is recommended, although you can test 
the process by migrating individual users. Assess the gateway aliases in your Group Wise system and 
decide how you want to organize the migration process. 


The Gateway Alias Migration utility runs most efficiently if you are connected to the domain that 
owns the users whose aliases you are migrating. This reduces network traffic between domains 
during the migration process. 


The Gateway Alias Migration utility requires that you connect to a GroupWise 7 domain, although 
you can select users from 6.x and 5.x domains for migration. If you still have 4.x domains, you can 
migrate aliases by connecting to the GroupWise System object before connecting to a domain. 


Determine the domains you need to connect to as you perform the migration. 


45.3.2 Preparing to Migrate Gateway Aliases 


Before starting the SMTP gateway alias migration process: 


+ Validate each domain database (wodomain. db) that you will connect to in order to clean up 
any orphaned aliases that might exist. See Section 26.1, “Validating Domain or Post Office 
Databases,” on page 377. 


+ Create a current backup of each domain database before performing the migration. See 
Section 31.1, “Backing Up a Domain,” on page 407 


45.3.3 Performing the Gateway Alias Migration 
To run the Gateway Alias Migration utility in ConsoleOne: 


1 If you want to migrate all gateway aliases in your Group Wise system, connect to the primary 
domain in the GroupWise View. 


or 


If you want to migrate the gateway aliases in a particular domain or post office, connect to the 
domain where the aliases are located. 


2 Browse to and select the object representing the set of gateway aliases that you want to migrate 
(GroupWise system, domain, post office, or user). 


3 Click Tools > GroupWise Utilities > Gateway Alias Migration. 
4 Inthe SMTP Gateway Alias Type drop-down list, select the type of alias you want to migrate. 
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SMTP Gateway Alias Migration 


Gateway Aliases for objects in: Provo1 


Gateway Aliases 
Gateway Alias Object ID 
‘Complaints Provo1 Development askoczylas 


Mike@Corporate.com Provo1 Development mbarnard 
TheOfficeOfThePresident Provo1 Development gsmith 




















Select ait | 








The list of available gateway alias types is generated from the Gateway Alias Type fields on the 
Identification property pages of the Internet Agent objects in your Group Wise system. 


The resulting alias list provides the SMTP gateway aliases for all users associated with the 
object selected in Step 2. Ifthe list is extremely long, you can click Stop and just work with a 
subset of the alias list. 


The list does not include any aliases that have a pending operation on them. 
Select one or more gateway aliases to migrate. 
or 
Click Select All. 
Click Migrate to start the migration process. 
You are prompted for how to handle each gateway alias. 
+ Ifthe alias is just a username, you can select whether or not you want to use that username 


as the user's preferred e-mail ID. 


SMIP Gateway Alias Migration 


#ould you like to make the following changes for 
Provo1 Development gsmith? 


Override the current default EMail ID of "gsmith" with the Preferred 


EMail ID "TheOfficeOfThePresident" 





If you do, the username is transferred into the Preferred E-Mail ID field on the Internet 
Addressing property page of the User object. 


¢ Ifthe alias also includes an Internet domain name, you can select whether or not you want 
to use that Internet domain name with the user's preferred e-mail ID. 
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SMTP Gateway Alias Migration 


Would you like to make the following changes for 
Provo1 Development mbarnard? 


Cancel 


[V Set the Preferred EMail ID to "Mike" 
M 





Override the current default Internet domain name of 
"Corporate" with "Corporate com" 





If you do, the domain name is transferred into the Internet Domain Name field on the 
Internet Addressing property page of the User object. 





NOTE: For an internal user, if the Internet domain name is not defined in your 
Group Wise system under Jools > GroupWise System Operations > Internet Addressing, 
then the Internet domain name is not transferred into the Internet Domain Name field on 
the Internet Addressing property page of the User object. However, for external users, 
undefined Internet domain names are transferred into the Internet Domain Name field on 
the Internet Addressing property page of the External User or External Entity object. 

By default, both usernames and domain names are selected for migration. 


7 For each gateway alias, deselect the check boxes for any actions that you do not want the Alias 
Migration utility to perform, then click OK. 


For convenience when migrating multiple aliases, you can click OK to All to apply your current 
selections to all aliases. 


8 When the migration is complete, select a different gateway alias type to migrate. 
or 
Click Close. 


45.3.4 Verifying the Gateway Alias Migration 
To see what the Gateway Alias Migration utility has accomplished: 


1 Browse to and right-click a User object that used to have a gateway alias, then click Properties. 
2 Click GroupWise > Gateway Aliases. 

The alias list should be empty. 
3 On the same User object, click GroupWise > Internet Addressing. 


The Preferred EMail ID field should be filled in with the information from the old gateway 
alias. 
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Configuring Internet Services 


For detailed instructions about installing and starting the Internet Agent for the first time, see 
“Installing the GroupWise Internet Agent” in the GroupWise 7 Installation Guide. 


The Internet Agent offers several useful services that you can configure to meet the needs of your 
GroupWise® system. 

+ Section 46.1, “Configuring SMTP/MIME Services,” on page 717 

+ Section 46.2, “Configuring LDAP Services,” on page 737 

+ Section 46.3, “Configuring POP3/IMAP4 Services,” on page 739 

+ Section 46.4, “Configuring Paging Services,” on page 744 


46.1 Configuring SMTP/MIME Services 


SMTP and MIME are standard protocols that the GroupWise Internet Agent uses to send and receive 
e-mail messages over the Internet. SMTP, or Simple Mail Transfer Protocol, is the message 
transmission protocol. MIME, or Multipurpose Internet Mail Extension, is the message format 
protocol. Choose from the following topics for information about how to enable SMTP/MIME 
services and configure various SMTP/MIME settings: 

+ Section 46.1.1, “Configuring Basic SMTP/MIME Settings,” on page 717 

+ Section 46.1.2, “Using Extended SMTP (ESMTP) Options,” on page 720 

+ Section 46.1.3, “Configuring How the Internet Agent Handles E-Mail Addresses,” on page 721 

+ Section 46.1.4, “Determining Format Options for Messages,” on page 723 

+ Section 46.1.5, “Configuring the SMTP Timeout Settings,” on page 725 

+ Section 46.1.6, “Determining What to Do with Undeliverable Messages,” on page 726 

+ Section 46.1.7, “Configuring SMTP Dial-Up Services,” on page 727 

+ Section 46.1.8, “Enabling SMTP Relaying,” on page 731 

+ Section 46.1.9, “Using a Route Configuration File,” on page 732 

+ Section 46.1.10, “Customizing Delivery Status Notifications,” on page 732 

+ Section 46.1.11, “Managing MIME Messages,” on page 733 


46.1.1 Configuring Basic SMTP/MIME Settings 


Basic SMTP/MIME settings configure the following aspects of Internet Agent functioning: 


+ Number of send and receive threads that the Internet Agent starts and how often the send 
threads poll for outgoing messages 


+ Hostname of the server where the Internet Agent is running and of a relay host if your system 
includes one 


+ IP address to bind to at connection time if the server has multiple IP addresses 


+ Whether to use 7-bit or 8-bit encoding for outgoing messages 
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* How to handle messages that cannot be sent immediately and must be deferred 


+ Whether to display Group Wise version information when establishing an SMTP connection 
To set the Internet Agent basic SMTP/MIME settings: 


1 In ConsoleOne®, right-click the Internet Agent object, then click Properties. 
2 Ifthe SMTP/MIME Settings page is not the default page, click SMTP/MIME > Settings. 


Properties of GWIA 
SMTP/MIME + | LDAP | POPSIMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 
Settings 

Enable SMTP service 
Number of SMTP send threads: 
Number of SMTP receive threads: 

[Kill threads on exit or restart 


IV Enable iCal service 





Hostname/DNS "4 Record" name: ibd-nw prove .novell.corm| 





Relay Host for outbound messages: 
Scan cycle for send directory: 10 4 seconds 
Use 7 bit encoding for all outbound messages 


Maximum number of hours to retry a deferred message: 96 4 hours 








Intervals to retry a deferred message 20,20,20,240 


[ Do not publish GroupWise information on an initial SMTP connection 


Page Options... Cancel | Apply 








3 Fill in the fields: 


Enable SMTP Service: SMTP service is on by default. This setting allows SMTP Internet 
messaging. This setting corresponds with the Internet Agent’s /smtp switch. 


Number of SMTP Send Threads: The SMTP send threads setting lets you specify the 
number of threads that process SMTP send requests. Each thread is equivalent to one 
connection. The default is 8 threads. This setting corresponds with the Internet Agent’s /sd 
switch. 


Number of SMTP Receive Threads: The SMTP receive threads setting lets you specify the 
number of threads that process SMTP receive requests. Each thread is equivalent to one 
connection. The default is 16 threads. This setting corresponds with the Internet Agent’s /rd 
switch. 


Kill Threads on Exit or Restart: Select this option to cause the Internet Agent to stop 
immediately, without allowing its send/receive threads to perform their normal shutdown 
procedures. The normal termination of all send/receive threads can take several minutes, 
especially if a large message is being processed. By terminating immediately, a needed restart 
can occur immediately as well. This setting corresponds with the Internet Agent’s /killthreads 
switch. 


Enable iCal Service: Select this option if you want the Internet Agent to convert outbound 
GroupWise Calendar items into MIME text/calendar iCal objects and to convert incoming 
MIME text/calendar messages into GroupWise Calendar items. Enabling the iCal service 
provides the functionality described in “Accepting or Declining Internet Items” in “Scheduling 
Group and Posted Items” in the GroupWise 7 Windows Client User Guide. This setting 
corresponds with the Internet Agent's /imip switch. 
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Hostname/DNS "A Record" Name: The Hostname/DNS “A Record” name setting lets you 
identify the hostname of the server where the Internet Agent resides, or in other words the A 
Record in your DNS table that associates a hostname with the server’s IP address (for example, 
gwia.novell.com). This setting corresponds with the Internet Agent’s /hn switch. 


If you leave this field blank, the Internet Agent uses the hostname obtained by querying the 
hosts file from the server. 


Relay Host for Outbound Messages: The Relay host setting can be used if you want to use 
one or more relay hosts to route all outbound Internet e-mail. Specify the IP address or DNS 
hostname of the relay hosts. Use a space between relay hosts in a list. Relay hosts can be part of 
your network or can reside at the Internet service provider’s site. This setting corresponds with 
the Internet Agent’s /mh switch. 


If you want to use a relay host, but you want some outbound messages sent directly to the 
destination host rather than to the relay host, you can use a route configuration file 
(route.cfg). Whenever a message is addressed to a user at a host that is included in the 
route.cfg file, the Internet Agent sends the message directly to the host rather than to the 
relay host. For information about creating a route . cfg file, see Section 46.1.9, “Using a 
Route Configuration File,” on page 732. 


Scan Cycle for Send Directory: The Scan cycle setting specifies how often the Internet Agent 
polls for outgoing messages. The default is 10 seconds. This setting corresponds with the 
Internet Agent’s /p switch. 


Use 7 Bit Encoding for All Outbound Messages: By default, the Internet Agent uses 8-bit 
MIME encoding for any outbound messages that are HTML-formatted or that contain 8-bit 
characters. If, after connecting with the receiving SMTP host, the Internet Agent discovers that 
the receiving SMTP host cannot handle 8-bit MIME encoded messages, the Internet Agent 
converts the messages to 7-bit encoding. 


With this option selected, the Internet Agent automatically uses 7-bit encoding and does not 
attempt to use 8-bit MIME encoding. You should use this option if you are using a relay host 
that does not support 8-bit MIME encoding. This setting corresponds with the Internet Agent’s 
/force7bitout switch. 


Maximum Number of Hours to Retry a Deferred Message: Specify the number of hours 
after which the Internet Agent stops trying to send deferred messages. The default is 96 hours, 
or four days. A deferred message is any message that can’t be sent because of a temporary 
problem (host down, MX record not found, and so forth). This setting corresponds with the 
Internet Agent’s /maxdeferhours switch. 


Intervals to Retry a Deferred Message: Specify in a comma-delimited list the number of 
minutes after which the Internet Agent retries sending deferred messages. The default is 20, 20, 
20, 240. The Internet Agent interprets this list as follows: It retries 20 minutes after the initial 
send, 20 minutes after the first retry, 20 minutes after the second retry, and 240 minutes (4 
hours) after the third retry. Thereafter, it retries every 240 minutes until the number of hours 
specified in the Maximum Number of Hours to Retry a Deferred Message field is reached. You 
can provide additional retry intervals as needed. It is the last retry interval that repeats until the 
maximum number of hours is reached. This setting corresponds with the Internet Agent’s / 
msgdeferinterval switch. 


Do Not Publish GroupWise Information on an Initial SMTP Connection: Select this 
option to suppress the GroupWise version and copyright date information that the Internet 
Agent typically responds with when contacted by another SMTP host or a telnet session. This 
setting corresponds with the Internet Agent’s /nosmtpversion switch. 


4 Click OK to save the changes. 
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46.1.2 Using Extended SMTP (ESMTP) Options 


The Internet Agent supports several Extended SMTP (ESMTP) settings. These are settings that 
might or might not be supported by another SMTP system. 


The following ESMTP extensions are supported: 


+ 


+ 


+ 


+ 


+ 


SIZE: For more information, see RFC 1870 (http://www.ietf.org/rfc/rfc1870.txt). 
AUTH: For more information, see RFC 2554 (http://www.ietf.org/rfc/rfc2554.txt). 


DSN: For more information, see RFC 3464 (http://www.ietf.org/rfc/rfc3464.txt) and RFC 3461 
(http://www.ietf.org/rfc/rfc3461.txt). 


8BITMIME: For more information, see RFC 1652 (http://www.ietf.org/rfc/rfc 1652.txt). 
STARTTLS: For more information, see RFC 3207 (http://www. ietf.org/rfc/rfe3207.txt). 


To configure ESMTP settings: 


1 
2 


3 


4 





In ConsoleOne, right-click the Internet Agent object, then click Properties. 
Click SMTP/MIME > ESMTP Settings. 


Properties of GWIA 
r LDAP | POP31MAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 


IV Enable Delivery Status Notification (DSN) 


DSNHold Age: [ 4 +] days 


Page Options... Cancel Apply 





Fill in the fields: 


Enable Delivery Status Notification: Turn on this option to allow the Internet Agent to 
request status notifications for outgoing messages and to supply status notifications for 
incoming messages. This requires the external e-mail system to also support Delivery Status 
Notification. Currently, notification consists of two delivery statuses: successful or 
unsuccessful. 


If you enable the Delivery Status Notification option, you need to select the number of days that 
you want the Internet Agent to retain information about the external sender so that status 
updates can be delivered to him or her. For example, the default hold age causes the sender 
information to be retained for 4 days. If the Internet Agent does not receive delivery status 
notification from the GroupWise recipient’s Post Office Agent (POA) within that time period, it 
deletes the sender information and the sender does not receive any delivery status notification. 


Click OK to save the changes. 
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46.1.3 Configuring How the Internet Agent Handles E-Mail 
Addresses 


The Internet Agent can handle e-mail addresses in a variety of ways: 


¢ Internet addressing vs. GroupWise proprietary addressing 


+ Group membership expansion on inbound messages 


+ 


Distribution membership expansion on outbound messages 
¢ Using non-GroupWise domains 
+ Using sender’s address format 


+ Using domain and post office information 
To set the Internet Agent address handling options: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Address Handling. 


Properties of GWIA 


LDAP | POP31MAP4 | Server Directories | Access Control v | Reattach | Post Office Links | Grou! 
| Address Handling i 


Addressing Style 
T Ignore GroupWise Internet Addressing 


Inbound Settings: 
T Expand distribution lists on incoming messages 


T Do not replace unscores with spaces 


Outbound Settings 





Non-GroupVVise Domain for RFC-822 Replies: 
Non-GroupWise Domain for MIME Replies: 
Sender's address format: 














Place domain and post office qualifiers: 
© on left of address 


© on right of address 
[T Retain distribution lists on outgoing messages 
T Use GroupWise user address as Mail From: for rule generated messages 
T Display fullname as lastname, firstname 


T Do not include the fullname in the MIME header 


Page Options... Cancel Apply 








3 Fill in the fields: 


Ignore GroupWise Internet Addressing: GroupWise supports both Internet-style addressing 
(user@host) and GroupWise proprietary addressing (user_ID.post_office.domain). By default, 
the Internet Agent uses Internet-style addressing. 


If you do not want the Internet Agent to use standard Internet-style addressing (user@host), 
turn on the Ignore GroupWise Internet Addressing option. With this option turned on, messages 
use the mail domain name in the Foreign ID field (Internet Agent object > GroupWise > 
Identification) for the domain portion of a user’s Internet address. If you included multiple mail 
domain names in the Foreign ID field or the frgnames. cfg file, as described in “Listing 


Foreign Domain Names” on page 723, the first mail domain name listed is the one used in 
addresses. 


The Internet Agent supports user and post office aliases in either mode. This setting 
corresponds with the Internet Agent’s /dia switch. 
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Expand Groups on Incoming Messages: Turn on this option to have incoming Internet 
messages addressed to public groups sent to all members of the groups. This setting 
corresponds with the Internet Agent’s /group switch. 


Non-Group Wise Domain for RFC-822 Replies: This setting can be used only if 1) you 
created a non-Group Wise domain to represent all or part of the Internet, as described in 
Section 6.7, “Adding External Users to the GroupWise Address Book,” on page 95, and 2) you 
defined the non-GroupWise domain’s outgoing conversion format as RFC-822 when you 
linked the Internet Agent to the domain. 


Specify the name of the non-GroupWise domain associated with the RFC-822 conversion 
format. When a GroupWise user replies to a message that was originally received by the 
Internet Agent in RFC-822 format, the reply is sent to the specified non-Group Wise domain 
and converted to RFC-822 format so that it is in the same format as the original message. 


This setting corresponds with the Internet Agent’s /fd822 switch. 


Non-Group Wise Domain for MIME Replies: This setting can be used only if 1) you created 
a non-Group Wise domain that represents all or part of the Internet, as described in Section 6.7, 
“Adding External Users to the GroupWise Address Book,” on page 95, and 2) you defined the 
non-GroupWise domain’s outgoing conversion format as MIME when you linked the Internet 
Agent to the domain. 


Specify the name of the non-GroupWise domain associated with the MIME conversion format. 
When a Group Wise user replies to a message that was originally received by the Internet Agent 
in MIME format, the reply is sent to the specified non-GroupWise domain and converted to 
MIME format so that it is in the same format as the original message. 


This setting corresponds with the Internet Agent’s /fdmime switch. 


Sender’s Address Format: This setting applies only if you have not enabled Group Wise 
Internet addressing (in other words, you selected the Ignore GroupWise Internet Addressing 
option). If GroupWise Internet addressing is enabled, the Internet Agent ignores this setting and 
uses the preferred address format established for outbound messages (Tools > GroupWise 
System Operations > Internet Addressing). 


The Sender’s Address Format setting lets you specify which GroupWise address components 
(domain.post_office.user_ID) are included as the user portion of the address on outbound 
messages. You can choose from the following options: 


+ Domain, Post Office, User, and Hostname: Uses the domain.post_office.user_ID@host 
syntax. 


+ Post Office, User, and Hostname: Uses the post_office.user_ID@host syntax. 
+ User and Hostname: Uses the user ID@host syntax. 


+ Auto (default): Uses the GroupWise addressing components required to make the address 
unique within the user’s GroupWise system. Ifa user ID is unique in a GroupWise system, 
the outbound address uses only the user ID. If the post office or domain.post office 
components are required to make the address unique, these components are also included 
in the outbound address. 


The Sender’s Address Format setting corresponds with the Internet Agent’s /agl switch. 


Place Domain and Post Office Qualifiers: If the sender’s address format must include the 
domain and/or post office portions to be unique, you can use this option to determine where the 
domain and post office portions are located within the address. 


+ On Left of Address (default): Leaves the domain and post office portions on the left side 
of the @ sign (for example, domain.post_office.user_ID@host. 
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+ On Right of Address: Moves the domain and post office portions to the right side of the 
@ sign, making the domain and post office part of the host portion of the address (for 
example, user_ID@post_office.domain.host. If you choose this option, you must ensure 
that your DNS server can resolve each post_office.domain.host portion of the address. 
This setting corresponds with the Internet Agent’s /aqor switch. 


Retain Distribution Lists on Outgoing Messages: Select this option if you do not want 
the Internet Agent to expand distribution lists on messages going to external Internet 
users. Expansion of distribution lists can result in large SMTP headers on outgoing 
messages. This setting corresponds with the Internet Agent’s /keepsendgroups switch. 


Use GroupWise User Address as Mail From: for Rule Generated Messages: Select 
this option if you want the Internet Agent to use the real user in the Mail From field 
instead of having auto-forwards come from Postmaster and auto-replies come from 
Mailer-Daemon. This setting corresponds with the Internet Agent’s /realmailfrom switch. 


4 Click OK to save the changes. 


Listing Foreign Domain Names 


The Foreign ID field (Internet Agent object > GroupWise > Identification) identifies the Internet 
domain names for which the Internet Agent accepts messages. The field should always include your 
mail domain name (for example, novell.com). You can include additional domain names by 
separating them with a space, as in the following example: 


novell.com gw.novell.com gwia.novell.com 


When you list multiple Internet domain names, the Internet Agent accepts messages for a 
Group Wise user if any of the Internet domain names are used (for example, jsmith@novell.com, 
jsmith@gw.novell.com, or jsmith@gwia.novell.com). 


The field limit is 255 characters. If you need to exceed that limit, you can create a frgnames.cfg 
text file in the domain\wpgate\gwia directory. Include each Internet domain name, separated 
by a space, just like you would in the Foreign ID field. 


46.1.4 Determining Format Options for Messages 


You can control aspects of how the Internet Agent formats incoming and outgoing messages: 


+ Number of Internet Agent threads for converting messages into the specified format 
+ The view in which incoming messages are displayed to GroupWise users 

+ Text encoding method (Basic RFC-822 or MIME) 

+ Text wrapping 

+ Message prioritization based on x-priority fields 


To set the Internet Agent format options: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Message Formatting. 
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Inbound Settings 


Number of inbound conversion threads: 


‘Outbound Settings 
Number of outbound conversion threads: 
Default message encoding: 
© Basic RFC-822 
r 
C MME 
Message text line wrapping: 
[V Enable quoted printable text line wrapping 
Line wrap length for message text on outbound mail: [72 4+ 
[ Enable flat-forwarding 
Default Global Signature to insert in outbound messages: Defined at:Corporate Mail 











override | 





= Apply Global Signature to relay messages 


I” Disable mapping x-priority fields 


Page Options... Cancel Apply 








3 Fill in the fields: 


Number of Inbound Conversion Threads: The inbound conversion threads setting lets you 
specify the number of threads that convert inbound messages from MIME or RFC-822 format 
to the GroupWise message format. The default setting is 4. This setting corresponds with the 
Internet Agent’s /rt switch. 


Number of Outbound Conversion Threads: The outbound conversion threads setting lets 
you specify the number of threads that convert outbound messages from the GroupWise 
message format to MIME or RFC-822 format. The default setting is 4. This setting corresponds 
with the Internet Agent’s /st switch. 


Default Message Encoding: The default message encoding setting lets you select the 
encoding method for your outbound Internet messages. You can select either Basic RFC-822 
formatting or MIME formatting. MIME is the default message format. This setting corresponds 
with the Internet Agent’s /mime switch. 


If you select the Basic RFC-822 option, you can decide whether or not to have the Internet 
Agent UUEncode all ASCII text attachments to RFC-822 formatted messages. By default, this 
option is turned off, which means ASCII text attachments are included as part of the message 
body. This setting corresponds with the Internet Agent’s /uueaa switch. 


Message Text Line Wrapping: The Quoted Printable text line wrapping setting lets you 
select the Quoted Printable MIME standard for line wrapping, which provides “soft returns”. 
By default this setting is turned on. If you turn the setting off, MIME messages go out as plain 
text and wrap text with “hard returns” according to the number of characters specified in the 
line wrap length setting. This setting corresponds with the Internet Agent’s /nqpmt switch. 


The Line Wrap Length for Message Text on Outbound Mail setting lets you specify the line 
length for outgoing messages. This is useful if the recipient’s e-mail system requires a certain 
line length. The default line length is 72 characters. This setting corresponds with the Internet 
Agent’s /wrap switch. 


Enable Flat Forwarding: Select this option to automatically strip out the empty message that 
is created when a message is forwarded without adding text, and retain the original sender of 
the message, rather than showing the user who forwarded it. This facilitates users forwarding 
messages from GroupWise to other e-mail accounts. Messages arrive in the other accounts 
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showing the original senders, not the users who forwarded the messages from Group Wise. This 
setting corresponds with the Internet Agent’s /flatfwd switch. 


Default Global Signature to Insert in Outbound Messages: Displays the default global 
signature for your GroupWise system as described in Section 14.3.2, “Selecting a Default 
Global Signature for All Outgoing Messages,” on page 220. If you want this Internet Agent to 
append a different global signature, select Override, then select the desired signature. 

Apply Global Signature to Relay Messages: Select this option to append the global signature 
to messages that are relayed through your GroupWise system (for example, messages from 
POP and IMAP clients) in addition to messages that originate within your GroupWise system. 
This setting corresponds with the Internet Agent’s /relayaddsignature switch. 

Disable Mapping X-Priority Fields: Select this option to disable the function of mapping an 
x-priority MIME field to a GroupWise priority for the message. By default, the Internet Agent 
maps x-priority 1 and 2 messages as high priority, x-priority 3 messages as normal priority, and 
x-priority 4 and 5 as low priority in GroupWise. This setting corresponds with the Internet 
Agent’s /nomappriority switch. 


4 Click OK to save the changes. 


46.1.5 Configuring the SMTP Timeout Settings 


The SMTP Timeout settings specify how long the Internet Agent’s SMTP service waits to receive 
data that it can process. After the allocated time expires, the Internet Agent might give a TCP read/ 
write error. 


To configure the SMTP timeout settings: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Timeouts. 


Properties of GWIA 
DAP | POPSAMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Group, 


on 


Commands: minutes 


Data: minutes 


NA 


Connection Establishment: minutes 


Initial Greeting: minutes: 


an 


TCP Read: minutes: 








a 
al» Lao lal» lal» lal» [de 


=] 


Connection Termination: minutes 


Page Options... Cancel Apply 








3 Fill in the fields: 


Commands: The Commands setting lets you specify how long the Internet Agent waits for an 
SMTP command. The default is 5 minutes. This setting corresponds with the Internet Agent’s / 
tc switch. 
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Data: The Data setting lets you specify how long the Internet Agent waits for data from the 
receiving host. The default is 3 minutes. This setting corresponds with the Internet Agent’s /td 
switch. 


Connection Establishment: The Connection Establishment setting lets you specify how long 
the Internet Agent waits for the receiving host to establish a connection. The default is 2 
minutes. This setting corresponds with the Internet Agent’s /te switch. 


Initial Greeting: The /nitial Greeting setting lets you specify how long the Internet Agent 
waits for the initial greeting from the receiving host. The default is 5 minutes. This setting 
corresponds with the Internet Agent’s /tg switch. 


TCP Read: The TCP Read setting lets you specify how long the Internet Agent waits for a 
TCP read. The default is 5 minutes. This setting corresponds with the Internet Agent’s /tr 
switch. 


Connection Termination: The Connection Termination setting lets you specify how long the 
Internet Agent waits for the receiving host to terminate the connection. The default is 10 
minutes. This setting corresponds with the Internet Agent’s /tt switch. 


4 Click OK to save the changes. 


46.1.6 Determining What to Do with Undeliverable Messages 


You can configure how the Internet Agent handles messages that it cannot deliver: 


+ How much of the message to return to the sender 

+ Another host to forward the message to (where it might be deliverable) 

+ Whether to move the message to the GroupWise problem directory or send it to the GroupWise 
administrator 


To set the Internet Agent undeliverable message options: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Undeliverables. 


į Undeliverable: 


Amount of Original Message to Return to Sender 
when Message is Undeliverable: 








Forward Undeliverable Inbound Messages to Host: 


Undeliverable or Problem Messages 


IV Move to problem directory 





[ Send to postmaster 
If neither option is chosen, the messages are discarded. 





Page Options... Cancel Apply 
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3 Fill in the fields: 


Amount of Original Message to Return to Sender When Message is Undeliverable: This 
setting lets you specify how much of the original message is sent back to the sender when a 
message is deemed undeliverable. By default, only 2 KB of the original message is sent back. 
This setting corresponds with the Internet Agent’s /mudas switch. 


Forward Undeliverable Inbound Messages to Host: This setting lets you specify a host to 
which undeliverable messages are forwarded. This might be useful if you use UNIX sendmail 
aliases. 


When an IP address is specified rather than a DNS hostname, the IP address must be 
surrounded by square brackets [ ]. For example, [172.16.5.18]. 


This setting corresponds with the Internet Agent’s /fut switch. 


Undeliverable or Problem Messages: This setting lets you specify what you want the Internet 
Agent to do with problem messages. A problem message is an inbound or outbound message 
that the Internet Agent cannot convert properly. By default, problem messages are discarded. If 
you want to save problem messages, specify whether to move the messages to the problem 
directory (gwprob), send them to the postmaster, or do both. This setting corresponds with the 
Internet Agent’s /badmsg switch. 





IMPORTANT: Despite the field name (Undeliverable or Problem Messages), this setting does 
not apply to undeliverable messages. 





4 Click OK to save the changes. 


46.1.7 Configuring SMTP Dial-Up Services 


SMTP dial-up services can be used when you don’t require a permanent connection to the Internet 
and want to periodically check for mail messages queued for processing. Perform the following 
tasks in order to use SMTP dial-up services: 


+ “Setting up Internet Dial-Up Software” on page 728 

+ “Enabling Dial-Up Services” on page 728 

+ “Creating a Dial-Up Schedule” on page 729 
Setting up Internet Dial-Up Software 


The Internet Agent requires routing software to make the dial-up connection to the Internet. The 
Internet Agent cannot make this connection itself; it simply creates packets to hand off to the routing 
software. 


For information about configuring the Internet Agent’s dial-up feature with routing software, see 
TID 10007366 in the Novell Support Knowledgebase (http://www.novell.com/support). 


Enabling Dial-Up Services 


After you have the appropriate routing software in place, you can enable and configure the Internet 
Agent’s dial-up services. 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Dial-Up Settings. 
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T Enable dial-up 





ETRN Host: 
ETRN Gueue: 








Settings for Windows NT Remote Access Server 





Username: [ 


Password: 


When dial-up is enabled, select the Scheduling page to set the times when dialing is allowed. 





Page Options... Cancel Apply 





3 Fill in the fields: 


Enable Dial-Up: Turn on this option to allow the Internet Agent to support SMTP dial-up 
service. This option is off by default. This setting corresponds with the Internet Agent’s / 
usedialup switch. 


ETRN Host: Specify the IP address, or DNS hostname, of the mail server (where your mail 
account resides) at your Internet Service Provider. You should obtain this address from your 
Internet Service Provider. This setting corresponds with the Internet Agent’s /etrnhost switch. 


ETRN Queue: Specify your e-mail domain as provided by your Internet Service Provider (for 
example, novell.com). This setting corresponds with the Internet Agent’s /etrnqueue switch. 


Username: The Username setting applies only if you are using a Windows Remote Access 
Server (RAS) and the Internet Agent is not running on the same server as the RAS. 


Specify the RAS Security username. This setting corresponds with the Internet Agent’s / 
dialuser switch. 


Password: The Password setting applies only if you are using a Windows Remote Access 
Server (RAS) and the Internet Agent is not running on the same server as the RAS. 


Specify the RAS Security user’s password. This setting corresponds with the Internet Agent’s / 
dialpass switch. 


4 Click OK to save the changes. 
Creating a Dial-Up Schedule 


After you enable the Internet Agent to use a dial-up connection, you need to schedule the times 
when the Internet Agent initiates a connection. 





NOTE: When the Internet Agent initiates a connection, it simply passes TCP/IP packets to the 
routing service that makes the Internet connection. The routing software, not the Internet Agent, is 
responsible for the actual dial-up or timeout. 





The Internet Agent uses profiles to enable you to assign different dial-up criteria to different times. 
For example, the default profile instructs the Internet Agent to initiate a dial-up connection 
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whenever an outgoing message is placed in its send queue. However, during the night, you might 
want the Internet Agent to initiate a connection only after 30 outgoing messages have been queued. 
In this case, you could create a profile that requires 30 messages to be queued and then apply the 
profile between the hours of 11 p.m. and 7 a.m. each day. 


To create a dial-up schedule: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Scheduling. 


Properties of GWIA 





Sunday 
Monday 
Tuesday 
Wednesday 
Thursday 








Friday 
Saturday 










































































Default Profile 
= Other Profiles 
Wi current Profile 





Profiles: 


Page Options... Cancel | Apply | Help | 








3 Continue with the desired task: 
+ “Applying a Profile” on page 730 
+ “Creating a Profile” on page 730 
+ “Editing a Profile” on page 730 
+ “Deleting a Profile” on page 730 


Applying a Profile 


1 Select the profile in the Profiles list. 
2 Click the desired hour. 

or 

Drag to select multiple hours. 


3 Click Apply to save the changes or click OK to save the changes and close the page. 


Creating a Profile 


1 Click Create to display the Create Profile dialog box. 
2 Fill in the fields: 


Name: Specify a unique name for the profile. It must be different than any other name in the 
Profile list. 


Description: If desired, specify a description for the profile. 
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Queue Thresholds: The queue thresholds determine the criteria for the Internet Agent to 
initiate a dial-up connection to send messages. The settings do not apply to receiving messages 
(see Dial Parameters below). 


You can base the criteria on the number of messages in the send queue, the total size of the 
messages in the send queue, or the number of minutes to wait between connections. If 
necessary, you can use a combination of the three criteria. 


For example, if you set Messages to 20, Kilobytes to 100, and Minutes to 60, the Internet Agent 
instructs the routing service to initiate a dial-up connection when 20 messages have 
accumulated in the queue, when the total size of the messages in the queue reaches 100 K, or 
when 60 minutes have passed since the last connection. 


Dial Parameters: The dial parameters serve two purposes: 1) the Internet Agent passes the 
Redial Interval and Idle Time Before Hangup parameters to the routing service to use when 
initiating a connection to send outbound messages, and 2) the Internet Agent uses the Polling 
Interval parameter to determine how often the routing service should initiate a connection to 
check for inbound messages. The Polling Interval parameter is required. 


Specify the interval between redials (default is 30 seconds), the amount of time to wait before 
hanging up when there are no messages to process (default is 60 seconds), and the interval 
between polling for inbound messages (default is 0 minutes). 


3 Click OK to add the profile to the Profiles list. 
4 To apply the profile to a block of time, see “Applying a Profile” on page 730. 
Editing a Profile 


1 Select the profile you want to edit, then click Edit to display the Edit Profile dialog box. 


2 Modify the desired fields. For information about each of the fields, click the Help button in the 
Edit Profile dialog box or see “Creating a Profile” on page 730. 


3 Click Apply to save the changes or click OK to save the changes and close the page. 
Deleting a Profile 


1 Select the profile you want to remove from the list, then click Delete. 


2 Click Apply to save the changes or click OK to save the changes and close the page. 


46.1.8 Enabling SMTP Relaying 


You can enable the Internet Agent to function as a relay host for Internet messages. The Internet 
Agent can relay messages received from all Internet hosts, or you can select specific hosts for which 
you allow it to relay. 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click Access Control > SMTP Relay Settings. 
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Properties of GWIA 
SMTPMIME + | LDAP | POPSAMAP4 | Server Directories | ccess Control + | Reattach | Post Office Links Groupi 
| SMTP Relay Settings i 
‘SMTP Relay Defaults 
C Allow message relaying 


(° Prevent message relaying 


I Prevent messages larger than 1 4 Kbytes 


Exceptions 


Allow: 


From To Create... 




















Page Options... 





3 Under SMTP Relay Defaults, select whether you want to allow or prevent message relaying. 


If you prevent message relaying, you can define exceptions that allow message relaying for 
specific Internet hosts. This can also be done if you allow message relaying. We suggest that 
you select the option that enables you to define the fewest exceptions. 


4 To prevent relaying of messages larger than a specific size (regardless of the SMTP Relay 
Defaults setting), enable the Prevent Messages Larger Than option and specify the size 
limitation. 


5 To define an exception, click Create to display the New Internet Address dialog box. 


New Internet Address 











6 Fillin the following fields: 


From: Specify the Internet address that must be in the message’s From field for the exception 
to be applied. 


To: Specify the Internet address that must be in the message’s 70 field for the exception to be 
applied. This is also the address that the message is relayed to (in the case of an Allow 
exception). 

In both the From and To fields, you can use either an IP address or a DNS hostname, as shown 
in the following examples: 


novell.com 
10.1.1.10 


You can enter a specific address, as shown above, or you can use wildcards and IP address 
ranges to specify multiple addresses, as follows: 


*.novell.com 
10.1:1.* 
LO de 1=.10=15 


7 Click OK to add the exception to the list. 
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8 When finished defining exceptions, click OK to save your changes. 


46.1.9 Using a Route Configuration File 


The Internet Agent supports the use of a route configuration file (route. cfg) to specify 
destination SMTP hosts. This can be useful in situations such as the following: 


+ You are using a relay host for outbound messages. However, you want some outbound 
messages sent directly to the destination host rather than the relay host. Whenever a message is 
addressed to a user at a host that is included in the route .cfg file, the Internet Agent sends 
the message directly to the destination host rather than the relay host. 


+ You need to send messages to SMTP hosts that are unknown to the public Domain Name 
Servers. The route .cfg file acts much like a hosts file to enable the Internet Agent to 
resolve addresses not listed in DNS. 


+ The Internet Agent uses external DNS servers but the server it is running on has an internal IP 
address. This prevents the Internet Agent from querying external DNS servers for its own 
internal domain names and receiving Host Down errors from the external DNS servers. 


+ You want to route messages through an SMTP host that checks for viruses (or performs some 
other task) before routing them to the destination host. 


To set up a route . cfg file: 


1 Create the route .cfg file as a text file in the domain\wpgate\gwia directory. 


2 Add an entry for each SMTP host you want to send to directly. The entry format is: 
hostname address 


where address is either an alternative hostname or an IP address. For example: 


novell.com gwia.novell.com 
unixbox [172.16.5.18] 


Make sure to include a hard return after the last entry. In addition, if you use an IP address, it 
must be included in square brackets, as shown in the second example. 


3 Save the route.cfg file. 


46.1.10 Customizing Delivery Status Notifications 


The Internet Agent returns status messages for all outbound messages. For example, if a GroupWise 
user sends a message that the Internet Agent cannot deliver, the Internet Agent returns an 
undeliverable message to the Group Wise user. 


By default, the Internet Agent uses internal status messages. However, you can override the internal 
status messages by using a status. xml file that includes the status messages you want to use. 


1 Open the appropriate statusxx.xml file, located in the domain\wpgate\gwia 
directory. 


The domain\wpgate\gwia directory includes a status xx.xml file for each language 
included on your GroupWise 7 Administrator CD (for example, statusus. xml, 
statusde.xml, and statusfr.xml). 


2 Make the modifications you want. 


732 GroupWise 7 Administration Guide 


The following sample code shows the elements and default text of the Undeliverable Message 


status: 





<STATUS MESSAGE type="undeliverableMessage" xml:lang="en-US"> 

















<SUBJECT>Message status - undeliverable</SUBJECT> 





<MESSAGE_BODY> 
<TEXT>\r\nThe attached file had the 
recipient (s) :\r\n</TEXT> 

<RECIPIENT LIST format="\t%s\r\n" 
<SESSION TRANSCRIPT> 




















following undeliverable 





<TEXT>\r\nTranscript of session follows:\r\n<TEXT> 





</SESSION TRANSCRIPT> 


<ATTACH ORIGINAL MSG></ATTACH ORIGINAL MSG> 














</MESSAGE BODY> 
</STATUS MESSAGE> 























You can modify text in the <SUBJECT> tag orin the <TEXT> tags. 











You can add additional <TEXT> tagsinthe <MESSAGE BODY>. 














You can remove tags to keep an element from being displayed. For example, you could remove 





the <ATTACH ORIGINAL MSG></ATTACH O] 
message from displaying. 


RIGINAL MSC> tags to keep the original 


You can use the following format characters and variables: 


+ \t: tab 
+ \r: carriage return 
+ Mn: line feed 


+ %s: recipient name variable 


3 Save the file, renaming it from statusxx.xml to status.xml. 


4 Restart the Internet Agent. 


The Internet Agent now uses the status messages defined in the status. xml file rather than its 
internal status messages. 


46.1.11 Managing MIME Messages 


Multipurpose Internet Mail Extensions, or MIME, provides a means to interchange text in languages 
with different character sets. Multimedia e-mail can be sent between different computer systems that 
use the SMTP protocol. MIME allows you to send and receive e-mail messages containing: 


+ 


+ 


+ 


Images 

Sounds 

UNIX Tar Files 
PostScript* 

FTP-able File Pointers 
Non-ASCII Character Sets 
Enriched Text 

Nearly any other file 
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Because MIME handles such a variety of file types, you might need to customize aspects of MIME 
for your users. 


+ “Customizing MIME Preamble Text” on page 734 
+ “Customizing MIME Content-Type Mappings” on page 734 


Customizing MIME Preamble Text 


An ASCII file called preamble. txt is installed in the Internet Agent gateway directory 
(domain\wpgate\gwia). This file, which is included with any MIME multipart message, is 
displayed when the message recipient lacks a MIME-compliant mail reader. 


The content of the preamble.txt file is a warning, in English, that the file is being sent in MIME 
format. If the recipient cannot read the message, he or she needs to either use a MIME-compliant 
mail reader or reply to the sender and request the message not be sent in MIME format. 


We recommend that you use the preamble. txt file so that those who read MIME messages 
coming from your GroupWise system and who lack MIME-compliant mail readers can understand 
why they cannot read the message and can take corrective action. 


If you choose to modify the preamble.txt file, be aware of the following considerations: 


+ The maximum file size is 1024 bytes (1 KB) 


¢ This file is read by the Internet Agent when the Internet Agent starts, so if you change the file, 
you must restart the Internet Agent. 


The Internet Agent’s gateway directory also contains a preamble.al1] file. The 
preamble.all file includes the text of preamble.txt translated into several languages. If 
you anticipate that your users will be sending mail to non-English speaking users, you might want to 
copy the appropriate language sections from the preamble.all file to the preamble.txt file. 


The 1024-byte limit on the size of the preamble.txt file still applies, so make sure that the file 
does not exceed 1024 bytes. 


Customizing MIME Content-Type Mappings 


By default, the GroupWise client determines the MIME content-type and encoding for message 
attachments. If, for some reason, the GroupWise client cannot determine the appropriate MIME 
content-type and encoding for an attachment, the Internet Agent must determine the content-type 
and encoding. 


The Internet Agent uses amimetype.cfg file to map attachments to the appropriate MIME 
content types. Based on an attachment’s content type, the Internet Agent encodes the attachment 
using quoted-printable, Base64, or BinHex. Generally, quoted-printable is used for text-based files, 
Base64 for application files, and BinHex for Macintosh files. 


The mimetype.cfg file includes mappings for many standard files. If necessary, you can modify 
the file to include additional mappings. If an attachment is sent which does not have a mapping in 
the file, the Internet Agent chooses quoted-printable, BinHex or Base64 encoding. 


The mimetype . cfg file is also used for RFC-822 attachments, but UUencode or BinHex 
encoding is used regardless of the mapped content type. 
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The mimet ype. cfg file is located in the domain\wpgate\gwia directory. The following 
section provide information you need to know to modify the file: 


+ “Mapping Format” on page 735 


+ “File Organization” on page 736 


Mapping Format 


Each mapping entry in the file uses the following format: 


content-type .ext|dtk-code|mac-ttttcccc [/parms] ["comment"] 


Element Description 


content-type The MIME content type to which the file type is being mapped (for 
example, text/plain). You can omit the content-type only if you use the / 
parms element to explicitly define the encoding scheme for the file 


type. 
.ext|dtk-code|mac-ttticccc The .ext element, dtk-code element, and mac-ttttcccc element are 
mutually exclusive. Each entry contains only one of the elements. 
+ ext: The file type extension being mapped to the content type 
(for example, .txt). 


+ dtk-code: The detect code being mapped to the content type (for 
example, dtk-1126). GroupWise assigns a detect code to each 
attachment type. 


+ mac-ttttcccc: The Macintosh file type and creator application 
being mapped to the content type (for example, mac-textmswd). 
The first four characters (tttt) are used for the file type. The last 
four characters (cccc) are used for the creator application. You 
can use ???? for the creator portion (mac-text????) to indicate a 
certain file type created by any application. You can use ???? in 


any application. 


/parms Optional parameters that can be used to override the default encoding 
assigned to the MIME content type. Possible parameters are: 
+ /alternate 
+ /parallel 
+ /base64 
+ /quoted-printable 
+ /quoted-printable-safe 
+ /uuencode 
+ /plain 
+ /binhex 
+ /nofixeol 
+ /force-ext 
+ /noconvert 
+ /apple-single 


+ /apple-double 
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Element Description 


"comment" Optional content description 


File Organization 


Themimetype.cfg file contains the following four sections: 


+ [Parameter-Override] 


+ 


Mac-Mappings] 


+ 


[ 
[ 
[Detect-Mappings] 
* 


Extension-Mappings] 


[Parameter-Override] 


The [Parameter-override] section take priority over other sections. You can use this section to force 
the encoding scheme for certain file types. This section also contains defaults for sending various 
kinds of multipart messages. This is how the Internet Agent knows to put attachments into MIME 
Alternate/Parallel multiparts. 


[Mac-Mappings] 


The [Mac-mappings] section defines mappings for Macintosh file attachments. The following is a 
sample entry: 
application/msword mac-wdbnmswd "Word for Macintosh" 


Macintosh files have a type and creator associated with them. The first four characters are used for 
the type and the last four characters are used for the creator application. 


In the above example, the type is wdbn and the creator application is mswd. When a user attaches a 
Macintosh file to a message, the Internet Agent uses the appropriate entry in the [Map-mappings] 
section to map the file to a MIME content type and then encode the file according to the assigned 
encoding scheme. Unless otherwise specified by the /parms element, BinHex 4.0 is used for the 
encoding. The following example shows how you can use the /parms element to change the 
encoding from the default (BinHex) to Base64: 


application/msword mac-wdbnmswd /base64 "Word for Macintosh" 


If necessary, you can use ???? for the creator portion (mac-text????) to indicate a certain file type 


This causes all Macintosh files to be encoded using Base64 rather than BinHex. 


[Detect-Mappings] 


GroupWise attempts to assign each attachment a detect code based on the attachment’s file type. The 
[Detect-mappings] section defines the mappings based on these detect codes. The following is a 
sample entry: 

application/msword dtk-1000 "Microsoft Word 4" 
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The Internet Agent uses the detect code to map to a MIME content type and then encode the file 
according to the assigned encoding scheme. If there is no mapping specified or if the file type cannot 
be determined, one of the other mapping methods, such as Extension-Mappings, are used. The 
detect codes associated with attachments are GroupWise internal codes and cannot be changed. 


[Extension-Mappings] 


If a mapping could not be made based on the entries in the [Mac-mappings] and [Detect-mappings] 
section, the Internet Agent uses the [Extension-mappings] section. The [Extension-mappings] 
section defines mappings based on the attachment’s file extension. The following is a sample entry: 


application/pdf .pdf 


46.2 Configuring LDAP Services 


The Internet Agent supports the Lightweight Directory Access Protocol (LDAP) standard. With 
LDAP enabled, the GroupWise Internet Agent functions as an LDAP server, allowing LDAP queries 
for GroupWise user information contained in the GroupWise Address Book. You can also configure 
which GroupWise fields (Given Name, Last Name, Phone, and E-Mail) are visible to an LDAP 


query. 
+ Section 46.2.1, “Enabling LDAP Services,” on page 737 
+ Section 46.2.2, “Configuring Public Access,” on page 738 





IMPORTANT: For users to perform LDAP searches for GroupWise user information, they need to 
define the GroupWise Address Book as an LDAP directory in their e-mail client. When doing so, 
they use the Internet Agent’s DNS hostname or IP address for the LDAP server address 


46.2.1 Enabling LDAP Services 


To enable and configure LDAP services for mail client access: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click LDAP > Settings to display the LDAP Settings page. 
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Properties of GWIA 
SMTPMIME 


Enable LDAP service 


Number of LDAP threads: 10 i 





LDAP context: 
(search root or search base) Example: O=Novell C=US 








LDAP referral URL: 
Example: Idap:/idap.provider.com 


To specify the visibility of certain GroupWise fields (address information) and to set restrictions for the public directory 
searches, use the LDAP Public Access page. Click Access Control, then select the LDAP Public property page to make 
changes to these settings. 





Page Options... 





3 Fill in the fields: 


Enable LDAP Service: Turn on this option to allow LDAP queries. LDAP service is on by 
default. This setting corresponds to the Internet Agent’s /Idap switch. 


Number of LDAP Threads: The LDAP Threads setting lets you specify the maximum 
number of threads that process LDAP queries. The default is 10 threads. This setting 
corresponds with the Internet Agent’s /Idapthrd switch. 


LDAP Context: Use this option to limit the directory context in which the LDAP server 
searches. For example, if you want to limit LDAP searches to the Novell organization container 
located under the United States country container, enter O=Novell,C=US. This setting 
corresponds with the Internet Agent’s /Idapcntxt switch. 


If you enter an LDAP context, you must make sure that users, when defining the directory in 
their e-mail client, enter the same context (using the identical text you did) in the Search Base 
or Search Root field. 


You can leave the settings empty in both locations. 


LDAP Referral URL: Use this option to define a secondary LDAP server to which you can 
refer an LDAP query if the query fails to find a user or address in your GroupWise system. For 
this option to work, the requesting Web browser must be able to track referral URLs. This 
setting corresponds with the Internet Agent’s /Idaprefurl switch. 


4 Continue with the next section, Configuring Public Access. 


46.2.2 Configuring Public Access 


After you’ve enabled LDAP services, you can configure which GroupWise fields are visible to 
LDAP searches and also set search restrictions. By default, no fields are visible. 


1 Ifthe Internet Agent object’s property page is not open, right-click the Internet Agent object, 
then click Properties. 


2 Click Access Control > LDAP Public Settings. 
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Properties of GWIA 
SMTPMIME + | LDAP | POPSAMAP4 | Server Directories | Access Control w | Reattach | Post Office Links | Group 
| LDAP Public Settings 
LDAP Defaults 
© Allow access 


(° Prevent access 


Visible Fields: 








GroupWise Field Visibility 
Given Name Not Visible 
Last Name Not Visible 
Phone Not Visible 
E-Mail Not Visible 











Limit Search 
Number of Entries to Return: 


How Many Seconds to Search: 





Idle Minutes Before Timeout: 


Page Options... Cancel 








3 Fill in the fields: 


LDAP Defaults: Select one of the following defaults for public access: Allow Access or 
Prevent Access. If you select Allow Access, the GroupWise fields (in the Visible Fields lists) 
default to Visible for an LDAP search. If you select Prevent Access, the GroupWise fields 
default to Not Visible. 


Visible Fields: You can override the default visibility for a GroupWise field (Given Name, Last 
Name, Phone, and E-Mail) by selecting the field and then clicking the appropriate visibility 
button (Visible or Not Visible). For example, if you’ve selected Allow Access as the LDAP 
default, but you don’t want users’ telephone numbers to be visible, you can mark the Phone 
field as Not Visible. 


Number of Entries to Return: Select the maximum number of entries to return. The default is 
100. 


How Many Seconds to Search: Select the maximum amount of time (in seconds) you want 
the Internet Agent to spend searching. The default is 120 seconds. 


Idle Minutes before Timeout: Specify the number of minutes to allow the search to continue 
without finding a matching address entry. The default is 5 minutes. 


4 Click OK to save the changes. 


46.3 Configuring POP3/IMAP4 Services 


The Post Office Protocol 3 (POP3) and the Internet Message Access Protocol 4 (IMAP4) are 
standard messaging protocols for the Internet. The GroupWise Internet Agent can function as a 
POP3 or an IMAP server, allowing access to the GroupWise domain database and message store. 
With POP3 or IMAP server functionality enabled, GroupWise users can download their messages 
from GroupWise to any POP3/IMAP4-compliant Internet e-mail client. To send messages, POP3/ 
IMAP4 clients can identify the Internet Agent as their SMTP server. 


Complete the instructions in the following sections to set up POP3/IMAP4 service: 


+ Section 46.3.1, “Enabling POP3/IMAP4 Services,” on page 740 
+ Section 46.3.2, “Configuring Post Office Links,” on page 741 
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+ Section 46.3.3, “Giving POP3 or IMAP4 Access Rights to Users,” on page 743 
+ Section 46.3.4, “Setting Up an E-Mail Client for POP3/IMAP4 Services,” on page 743 





NOTE: Internal IMAP clients can connect directly to the POA, rather than connecting through the 
Internet Agent, as described in Section 36.2.3, “Supporting IMAP Clients,” on page 490. Direct 
connection provides faster access for internal IMAP clients. 





46.3.1 Enabling POP3/IMAP4 Services 


By default, POP3 service and IMAP4 service are enabled. To verify that the services are enabled and 
configured appropriately: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click POP3/IMAP4 > Settings to display the POP3/IMAP4 Settings page. 


Properties of GWIA 
SMTPMIME + | LDAP 


POP3 
IV Enable POPS service 


Number of threads for POP3 connections: 





Number of threads for POP3 SSL connections: 


|” Enable intruder detection 


IMAP4 
IV Enable IMAP4 service 
Number of threads for IMAP4 connections: 


Number of threads for IMAP4 SSL connections: 





Maximum number of items to read (in thousands) 


Page Options... 








3 Fill in the fields: 


Enable POP3 Service: POP3 service is on by default. This setting allows POP3 downloads 
from a GroupWise mailbox. It corresponds with the Internet Agent’s /pop3 switch. 


Number of Threads for POP3 Connections: The POP3 threads setting lets you specify the 
number of connections for POP3 download requests. The default is 10 threads. This setting 
corresponds with the Internet Agent’s /pt switch. 


Number of Threads for POP3 SSL Connections: Specify the maximum number of threads 
you want the Internet Agent to use for secure POP3 connections. This setting corresponds with 
the Internet Agent’s /sslpt switch. 


Enable Intruder Detection: Select this option to instruct the Internet Agent to log POP3 e- 
mail clients in through the POA so that the POA’s intruder detection can take effect, if it has 
been configured in ConsoleOne (POA object > Client Access Settings > Intruder Detection). 
This setting corresponds with the Internet Agent’s /popintruderdetect switch. 
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Enable IMAP4 Service: IMAP4 service is on by default. This setting allows IMAP4 
downloads and management of GroupWise messages. It corresponds with the Internet Agent’s / 
imap4 switch. 


Number of Threads for IMAP4 Connections: The IMAP4 threads setting lets you specify 
the number of connections for IMAP4 requests. The default is 10 threads. This setting 
corresponds with the Internet Agent’s /it switch. 


Number of Threads for IMAP4 SSL Connections: Specify the maximum number of threads 
you want the Internet Agent to use for secure IMAP4 connections. This setting corresponds 
with the Internet Agent’s /sslit switch. 


Maximum Number of Items to Read: Specify in thousands the maximum number of items 
that you want the Internet Agent to download at one time. By default, the Internet Agent 
downloads 10,000 items at a time. For example, specify 15 to download 15,000 items at a time. 
This setting corresponds with the Internet Agent’s /imapreadlimit switch. 


4 Click OK to save the changes. 


The Post Office Agent (POA) can also be configured to support IMAP connections. You could offer 
IMAP services internally through the POA to provide faster response time for internal users, as 
described in Section 36.2.3, “Supporting IMAP Clients,” on page 490. However, IMAP is primarily 
available on the POA to support several third-party applications that communicate with the POA 
using IMAP, while the IMAP services provided by the Internet Agent provide the standard IMAP 
access used by users across the Internet. 


46.3.2 Configuring Post Office Links 


To function as a POP3/IMAP4 server, the Internet Agent requires access to each post office that 
contains mailboxes that will be accessed by a POP3/IMAP4 client. The Internet Agent can connect 
directly to the post office directory through a UNC path or mapped drive, or it can use a TCP/IP 
connection to the Post Office Agent (POA). By default, the Internet Agent uses the access mode that 
has been defined for the post office (Post Office object > GroupWise > Post Office Settings). If 
necessary, you can change the way the Internet Agent links to a post office. 


To change a post office link: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click Post Office Links > Settings. 


The Post Office list displays all post offices in your GroupWise system and how the Internet 
Agent connects to them 
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Properties of GWIA 


SMTPMME v | LDAP | POPSIMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 
| Settings 


Post Offices: 


Domain Post Office Access Mode 


Legal 173.16.5.11 
Sales jbd-win 
Support 17316.513 
Marketing jbd-Inx 





Edit Link... 
Page Options... Cancel | Apply | Help | 








3 Inthe Post Offices list, select the post office whose link information you want to change, then 
click Edit Link to display the Edit Post Office Link dialog box. 


Edit Post Office Link Fa] 


Domain: Provo3 OK 
Post Office: Marketing 

4 4 Cancel 
Current Post Office Access: Client Server Only 
Access Mode: Client Server Only 


Direct Access 
c 
e 


Client/Server Access 





Host Name or IP Address: [iba-inx 
TCP Port: [1577 








4 Define the following properties: 


Access Mode: The access mode determines whether the Internet Agent uses client/server 
access, direct access, or both client/server and direct access to connect to the post office. With 
client/server and direct, the Internet Agent first tries client/server access; if client/server access 
fails, it then tries direct access. You can also choose to use the same access mode currently 
defined for the post office (on the Post Office object’s Post Office Settings). The current access 
mode is displayed in the Current Post Office Access field. 


Direct Access: When connecting to the post office in direct mode, the Internet Agent can use 
the post office’s UNC path (as defined on the Post Office object’s Identification) or a mapped 
path that you enter. 


Client/Server Access: When connecting to the post office in client/server mode, the Internet 
Agent must know the hostname (or IP address) and port number of the Post Office Agent 
running against the post office. 


5 Click OK. 
6 Repeat Step 3 through Step 5 for each post office whose link you want to change. 
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46.3.3 Giving POP3 or IMAP4 Access Rights to Users 


Access to POP3/IMAP4 services is determined by the class of service in which they are a member. 
By default, all users are members of the default class of service, which gives them POP3 and IMAP4 
access. 


If you changed the default class of service to exclude POP3 or IMAP4 access rights, or if you 
defined additional classes of services that do not provide POP3 or IMAP4 access rights, you might 
want to evaluate your currently defined classes of service to ensure that they provide the appropriate 
POP3 or IMAP4 access. For details, see Section 47.1, “Controlling User Access to the Internet,” on 
page 747. 


46.3.4 Setting Up an E-Mail Client for POP3/IMAP4 Services 


With the Internet Agent set up as a POP3 and/or IMAP4 server, you can configure users’ e-mail 
clients to download messages from GroupWise mailboxes. 


Most e-mail clients are configured differently. However, all Internet clients need to know the 
following information: 
+ POP3/IMAP4 Server: The DNS hostname or IP address of the Internet Agent. 


+ Login Name: The user’s GroupWise user ID. For POP3 clients, there are several user ID login 
options you can use to control how the Internet Agent handles the user’s messages. For 
example, you can limit how many messages are downloaded each session. For more 
information, see “User ID Login Options” on page 743. 


+ Password: The user's existing GroupWise mailbox password. POP3/IMAP4 services requires 
users to have passwords assigned to their mailboxes. 


User ID Login Options 


With POP3 clients, users can add the options listed in the table below to the login name (Group Wise 
user ID) to control management of their mailbox messages. If used, these options override the POP3 
settings assigned through the user’s class of service (see Section 47.1.2, “Creating a Class of 
Service,” on page 748). 


Login options are appended to the user ID name with a colon character (:) between the user ID name 
and the switches: 


Syntax: user_ID:switch 
Example: User1:v=1 


You can combine options by stringing them together after the user ID and the colon without any 
spaces between the options: 


Syntax: user ID:switch1switch2 
Example: User1:v=1sdl1=10 


The syntax for the user ID options is not case sensitive. Login options are not required. If you do not 
want to include any login options, just enter the user ID name in the text box, or following the USER 
command if you are using a Telnet application as your POP3 client. 
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Table 46-1 User ID Login Options 


Option Explanation Example 


v=number between 1-31 The v option defines the POP3 client's view number. If User ID:v=1 
multiple POP3 clients access the same GroupWise 
mailbox, each client must use a different view number in 
order to see a fresh mailbox. 


For example, if two POP3 clients access a mailbox and the 
first client downloads the unread messages, the second 
client cannot download the messages unless it is using a 
different view number than the first client. 


If this option is not used, the default value is 1. 


d The d option deletes the messages from the GroupWise User ID:d 
mailbox after they have been downloaded to the POP3 
client. 


p The p option purges the messages from the GroupWise User ID:p 
mailbox after they have been downloaded to the POP3 
client. 


t=1-1000 The t option defines the download period, starting with the User ID:t=14 
current day. For example, if you specify 14, then only 
messages that are 14 days old or newer are downloaded. 
If this option is not used, the default value is 30 days. 


n The n option downloads messages in RFC-822 format User ID:N 
rather than the default MIME format. 


m The m option downloads messages in MIME format. This User ID:M 
is the default. 


s The s option presets the file size when the STAT command User ID:S 
is executed. If the user mailbox contains a lot of messages 
or large messages, it can take a long time to calculate the 
file size. With this option, the STAT command always 
reports an artificial file size of 1, which can save time. 


1=1-1000 The | option limits the number of messages to download for User ID:1=10 
each POP3 session. For example, if you want to limit the 
number of messages to 10, you enter 1=10. If this option is 
not used, the default value is 100 messages. 


46.4 Configuring Paging Services 


The Group Wise Internet Agent includes the ability to send a Group Wise message to a pager through 
an Internet paging service provider. The Internet Agent’s paging service includes the following 
features: 


+ Smart forwarding: If a message has been replied to or forwarded before being sent to a pager, 
the Internet Agent identifies the original message and sends only it. 


¢ Easy to read originator information: The Internet Agent sends the original From, Subject, 
and Message information to the pager, rather than cryptic Header information. 
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+ User block control: By using the /l=/ength and /b=number switches on the message’s To line, 
the sender can control the block length and number of blocks to send to the pager. By default, 
the Internet Agent sends 255 bytes per block (/1=255 /b=1). 


To set up and use paging services, complete the tasks in the following sections: 


+ Section 46.4.1, “Setting Up Paging,” on page 745 
+ Section 46.4.2, “Using Paging,” on page 746 


46.4.1 Setting Up Paging 


To set up the Internet Agent’s paging service, you need to create a non-GroupWise domain to 
represent the paging service and then use your Internet Agent to link your system to the non- 
Group Wise domain. The non-GroupWise domain enables GroupWise to correctly identify pager 
messages and route messages to the Internet Agent, which can then send the messages to the 
Internet. 


+ “Creating a Non-GroupWise Domain” on page 745 
+ “Linking the Internet Agent to the Non-GroupWise Domain” on page 745 
Creating a Non-GroupWise Domain 


1 In ConsoleOne, right-click the GroupWise System object, click New, then click Non- 
GroupWise Domain to display the Create Non-Group Wise Domain dialog box. 


Create Non-GroupWise Domain 


Domain name: 





Time Zone: 
(GMT-05:00) Eastern Time (US & Canada) 








Link To Domain: 











Provot 


1 Create another domain 





2 Fill in the following information: 


Domain Name: Provide the domain with a name such as Page. Users need to know the name 
when addressing pager messages. 


Time Zone: Select the time zone in which the Internet Agent is located. 
Link to Domain: Select the domain in which the Internet Agent is located. 
3 Click OK to create the domain. 


Linking the Internet Agent to the Non-GroupWise Domain 
1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration to display the 
Group Wise Link Configuration tool. 


2 Inthe drop-down list, select the domain that owns the Internet Agent that you are using for this 
paging service. 


3 Inthe Outbound Links box, right-click the non-GroupWise domain, then click Edit. 


4 Click Yes to accept the domain path as the mapped path and display the Edit Domain Link 
dialog box. 
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In the Link Type field, select Gateway. 

In the Gateway Link field, select the Internet Agent. 

In the Gateway Access String field, type -page. 

Click OK to save the information. 

Click File > Exit > Yes to save your changes and exit the Link Configuration tool. 


Restart the Internet Agent. 


© © ON OOO 


46.4.2 Using Paging 


To use paging, Group Wise users must address messages to the non-Group Wise domain, specifying 
the PIN number of the pager and the hostname of the paging service in the following format: 


domain:pin@paging service provider 


For example, 
page:123456789@skytel.com 
page:123456789@epage.arch.com 


By using the /l=/ength and /b=number switches on the message’s To line, the sender can control the 
block length and number of blocks to send to the pager. For example, 


page:123456789@epage.arch.com/1=128/b=4 


By default, the Internet Agent sends 255 bytes per block (/I=255 /b=1). 
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Managing Internet Access 


After you have configured the Internet services that you want the Internet Agent to provide in your 
Group Wise” system, you need to take control ofthe information that flows in and out between your 
Group Wise system and the Internet. 

+ Section 47.1, “Controlling User Access to the Internet,” on page 747 

+ Section 47.2, “Blocking Unwanted E-Mail from the Internet,” on page 757 

+ Section 47.3, “Tracking Internet Traffic with Accounting Data,” on page 764 


47.1 Controlling User Access to the Internet 


You can use the GroupWise Internet Agent’s Access Control feature to configure a user’s ability to 
send and receive SMTP/MIME messages to and from Internet recipients and to access his or her 
mailbox from POP3 or IMAP4 e-mail clients. In addition to enabling or disabling a user’s access to 
features, you can configure specific settings for the features. For example, for outgoing SMTP/ 
MIME messages, you can limit the size of the messages or the sites to which they can be sent. 


Access Control can be implemented at a user, distribution list, post office, or domain level. 
Choose from the following information to learn how to set up and use Access Control. 


+ Section 47.1.1, “Classes of Service,” on page 747 

+ Section 47.1.2, “Creating a Class of Service,” on page 748 

+ Section 47.1.3, “Testing Access Control Settings,” on page 753 

+ Section 47.1.4, “Maintaining the Access Control Database,” on page 755 


47.1.1 Classes of Service 


A class of service is a specifically defined configuration of Internet Agent privileges. A class of 
service controls the following types of access activities: 
+ Whether or not SMTP/MIME messages are allowed to transfer to and from the Internet 


+ Whether or not SMTP/MIME messages are allowed to transfer to and from specific domains on 
the Internet 


+ The maximum size of SMTP/MIME messages that can transfer to and from the Internet 


+ Whether or not SMTP/MIME messages generated by GroupWise rules are allowed to transfer 
to the Internet 


+ Whether or not IMAP4 clients are allowed to access the GroupWise system 
+ Whether or not POP3 clients are allowed to access the GroupWise system, and if allowed, how 
messages to and from POP3 clients are managed by the GroupWise system 


The default class of service, which all users belong to, allows incoming and outgoing SMTP/MIME 
messages, and allows POP3 and IMAP4 access. You can control user access, at an individual, 
distribution list, post office, or domain level, by creating different classes of service and adding the 
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appropriate members to the classes. For example, you could create a class of service that limits the 
size of SMTP/MIME messages for a selected individual, distribution list, post office, or domain. 


Because you can assign membership at the user, distribution list, post office, and domain level, it is 
possible that a single user can be a member of multiple classes of service. This conflict is resolved 
hierarchically, as shown in the following table. 


Table 47-1 Conflict Resolution for Classes of Service 


Membership assigned to a 


user through a... Overrides membership assigned to the user through the... 


domain + default class of service 

post office + default class of service 
+ domain 

distribution list + default class of service 
+ domain 


+ post office 


user + default class of service 
* domain 


+ post office 


If a user’s membership in two classes of service is based upon the same level of membership (for 
example, both through individual user membership), the class that applies is the one that allows the 
most privileges. 





IMPORTANT: The Internet Agent uses the message size limit set for the default class of service as 
the maximum incoming message size for your GroupWise system. Therefore, you should set the 
message size for the default class of service to accommodate the largest message that you want to 
allow into your GroupWise system. As needed, you can then create other classes of service with 
smaller message size limits to restrict the size of incoming messages for selected users, distribution 
lists, post offices, or domains. Methods for restricting message size within your GroupWise system 
are described in Section 12.3.4, “Restricting the Size of Messages That Users Can Send,” on 

page 185. 





Attachments on incoming SMTP messages are included in the mime. 822 file, in addition to being 
attached to the message. Therefore, attachments contribute twice to the size of the overall message. 
Take this into account when determining the maximum incoming message size for your Group Wise 
system. 


47.1.2 Creating a Class of Service 


1 In ConsoleOne®, right-click the Internet Agent object, then click Properties. 
2 Click Access Control > Settings to display the Access Control Settings page. 
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Properties of GWIA 
SMTPMME v | LDAP | POP3AMAP4 | Server Directories 


Class of Service: 


Memberships: 


Member ID 


Page Options... 





3 Click Create to display the Create New Class of Service dialog box. 


Create New Class of Service (3) 
Name: _ a 
Cancel 


Enter the name of the new class of service above. Ifthe boxes below 
are checked, you will be prompted to edit the details of the class of 


service. Help 


IV Edit access settings 


IV Select membership 





4 Type a name for the class, then click OK to display the Edit Class of Service dialog box. 


KS Edit Class of Service 


SMTP Incoming Defaults 
C Inherit access 





© Allow incoming messages 


© Prevent incoming messages 





I Prevent messages larger than 1 s! Kbytes 


Exceptions - 


Allow messages from: Prevent messages from: 














5 On the SMTP Incoming tab, choose from the following options: 


Inherit Access: Select this option if you want members of this class of service to inherit their 
SMTP Incoming access from a class of service assigned at a higher level. For example, a post 
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office inherits the domain’s access. If the domain is not a member of a class of service, the post 
office inherits the default class of service. 


Allow Incoming Messages: Select this option to allow members of the class of service to 
receive e-mail messages through the Internet Agent. You can use the Exceptions option to 
prevent messages from specific Internet sites. 


Prevent Incoming Messages: Select this option to prevent e-mail messages coming from the 
Internet. You can use the Exceptions option to allow messages from specific Internet sites. 


Prevent Messages Larger Than: This option is available only if you chose Allow Incoming 
Messages or Prevent Incoming Messages. In the case of Prevent Incoming Messages, this 
option only applies to messages received from Internet sites listed in the Allow Messages From 
list. 


If you want to set a size limit on incoming messages, select the limit. 


Internet messages that exceed the limit are not delivered. The sender receives an e-mail 
message indicating that the message is undeliverable and including the following explanation: 


Messag xceeds maximum allowed size 





Exceptions: This option is available only if you chose Allow Incoming Messages or Prevent 
Incoming Messages. 


Prevent Messages From: If you chose to allow incoming messages but you want to prevent 
messages from specific Internet sites (IP addresses or DNS hostnames), add the sites to the 
Prevent Messages From list. 


Allow Messages From: Conversely, if you chose to prevent incoming messages but you want 
to allow messages from specific Internet sites (IP addresses or DNS hostnames), add the sites 
to the Allow Messages From list. 


If you want to allow messages where the username is blank, add Blank-Sender-User-ID to the 
Allow Messages From list. 


6 Click SMTP Outgoing, then choose from the following options: 


Inherit Access: Select this option if you want members of this class of service to inherit their 
SMTP Outgoing access from a class of service assigned at a higher level. For example, a post 
office inherits the domain’s access. If the domain is not a member of a class of service, the post 
office inherits the default class of service. 


Allow Outgoing Messages: Select this option to allow members of the class of service to send 
e-mail messages over the Internet. You can use the Exceptions option to prevent messages from 
being sent to specific Internet sites. 


Prevent Outgoing Messages: Select this option to prevent members of the class of service 
from sending e-mail messages over the Internet. You can use the Exceptions option to allow 
messages to be sent to specific Internet sites. 


Prevent Messages Larger Than: This option is available only if you chose Allow Outgoing 
Messages or Prevent Outgoing Messages. 


If you want to set a size limit on outgoing messages, specify the limit. 


Allow Rule-Generated Messages: This option is available only if you chose Allow Outgoing 
Messages or Prevent Outgoing Messages. 


Turn on this option to allow the Internet Agent to send messages that were generated by a 
Group Wise rule. 


In addition, you can use the /blockrulegenmsg startup switch in the Internet Agent startup file 
(gwia.cfg) to allow some types of rule-generated messages while blocking others. 
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Exceptions: This option is available only if you chose Allow Outgoing Messages or Prevent 
Outgoing Messages. 


If you chose to allow outgoing messages but you want to prevent messages from being sent to 
specific Internet sites (IP addresses or DNS hostnames), add the sites to the Prevent Messages 
To list. 


Conversely, if you chose to prevent outgoing messages but you want to allow messages to be 
sent to specific Internet sites (IP addresses or DNS hostnames), add the sites to the Allow 
Messages To list. 


Click IMAP4, then choose from the following options: 


Inherit Access: Select this option if you want members of this class of service to inherit their 
IMAP4 access from a class of service assigned at a higher level. For example, a post office 
inherits the domain’s access. If the domain is not a member of a class of service, the post office 
inherits the default class of service. 


Allow Access: Select this option to allow members of the class to send and receive messages 
with an IMAP4 client. 


Prevent Access: Select this option to prevent members of the class from sending and receiving 
messages with an IMAP4 client. 


Click POP3, then choose from the following options: 


Inherit Access: Select this option if you want members of this class of service to inherit their 
POP3 access from a class of service assigned at a higher level. For example, a post office 
inherits the domain’s access. If the domain is not a member of a class of service, the post office 
inherits the default class of service. 


Allow Access: Select this option to allow members of the class to download their GroupWise 
messages to a POP3 client. 


Prevent Access: Select this option to prevent downloading GroupWise messages to a POP3 
client. 


Delete Messages from GroupWise Mailbox after Download: This option applies only if you 
selected Allow Access. 


If you turn on this option, messages downloaded from a GroupWise Mailbox to a POP3 client 
are moved to the Trash folder in the GroupWise Mailbox. 


POP3 client users can enable this option by using the user/D:d login option when initiating 
their POP session. For more information, see “User ID Login Options” on page 743. 


Purge Messages from GroupWise Mailbox after Download: This option applies only if you 
selected Allow Access. 


If you turn on this option, messages downloaded from a GroupWise Mailbox are moved to the 
Mailbox’s Trash folder and then emptied, completely removing the messages from the 
Mailbox. 


POP3 client users can enable this option by using the user/D:p login option when initiating 
their POP session. For more information, see “User ID Login Options” on page 743. 


Convert Messages to MIME Format When Downloading: This option applies only if you 
selected Allow Access. 


If you turn on this option, messages downloaded to a POP3 client are converted to the MIME 
format. 


POP3 client users can enable this option by using the userJD:m login option when initiating 
their POP session. They can disable it by using the user/D:n login option; this converts 
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messages to RFC-822 format. For more information, see “User ID Login Options” on 
page 743. 


High Performance on File Size Calculations: This option applies only if you selected Allow 
Access. 


POP3 clients calculate the size of each message file before downloading it. Turn on this option 
if you want to assign a size of 1 KB to each message file. This eliminates the time associated 
with calculating a file’s actual size. 

POP3 client users can enable this option by using the user/D:s login option when initiating 
their POP session. For more information, see “User ID Login Options” on page 743. 


Number of Days Prior to Today to Get Messages From: This option applies only if you 
selected Allow Access. 


Select the number of days to go back to look for GroupWise Mailbox messages to download to 
the POP3 client. The default is 30 days. 


POP3 client users can override this option by using the user/D:t=x login option when initiating 
their POP session. For more information, see “User ID Login Options” on page 743. 


Maximum Number of Messages to Download: This option applies only if you selected 
Allow Access. 


Select the maximum number of messages a user can download at one time from a GroupWise 
Mailbox to a POP3 client. The default is 100 messages. 


POP3 client users can override this option by using the userID:l=x login option when initiating 
their POP session. For more information, see “User ID Login Options” on page 743. 


9 Click OK to display the Select GroupWise Object dialog box. 


KE select GroupWise Object 


Fitter: 


Object ID Domain Post Office First Name Last Name 
Art m 


aramirez Provo2 Sales Ramirez 
askoczylas Provo1 Development Alfons Skoczylas 
bgelsomino Provo3 Marketing Benjii Gensomino 
chotton Provo3 Marketing Charles Bolton 
fhaughey Provo3 Marketing Flavian Haughey 
fthompson Provo3 Marketing Fred Thompson 
gsmith Provo1 Development Grace Smith 
hsarmiento Provo1 Development Heather Sarmiento 
jdesoto Provo3 Marketing Janet DeSoto 
JMallory Provo1 Legal James Mallory 
jpangilinan Provo1 Development John Pangilinan © Post Offices 
istevens Provo2 Sales Jason Stevens C Distribution Lists 
jyacoub Provo3 Marketing Ishmael Yacoub 
mbarnard Provo1 Development Matt Barnard 








© Domains 








@ Users 





10 Select Domains, Post Offices, Distribution Lists, or Users to display the list you want. 


11 Inthe list, select the domain, post office, distribution list, or user you want, then click Add to 
add the object as a member in the class. You can Control+click or Shift+click to select multiple 
users. 
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Properties of GWIA 


SMTPMME v | LDAP | POPSIMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 
| Settings 


Class of Service: 





Default Class of Service 


Memberships: 


Marketing 
Marketing 
Marketing 
Marketing 
Marketing 
Marketing 
Marketing 
Marketing 
Marketing 


Page Options... 


Post Office 


ok | canes | 


any | 


Help 








12 To add additional domains, post offices, distribution lists or users as members of the class of 
service, select the class of server, then click Add to display the Select Group Wise Object dialog 


box. 


13 Click OK (on the Settings page) when finished adding members. 


47.1.3 Testing Access Control Settings 


If you created multiple classes of service, you might not know exactly which settings are being 
applied to a specific object (domain, post office, distribution list, or user) and which class of service 
the setting is coming from. To discover an object’s settings, you can test the object’s access. 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 


2 Click Access Control > Settings to display the Access Control Settings page. 


Properties of GWIA 


SMTPMME v | LDAP | POP3AMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 


Class of Service: 


| Settings 





Default Class of Service 


Memberships: 





Member ID 


Post Office 





adharmapalan Marketing 
bgelsomino Marketing 
(cbolton Marketing 
fhaughey Marketing 
fthompson Marketing 
jdesoto Marketing 
jyacoub Marketing 
imlamaroux Marketing 
rsteadman Marketing 


Test 


Page Options... 


Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 


Cancel | 


Apply | 


Help 
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3 Click Test to display the Select GroupWise Object dialog box. 


KS select GroupWise Object 





Post Office First Name 
Dharmapalan 

Sales Ramirez 
Provo1 Development Skoczylas 
Provo3 Marketing Gensomino 
Provo3 Marketing Charles Bolton 
Provo3 Marketing Flavian Haughey 
Provo3 Marketing Fred Thompson 
Provo1 Development Grace Smith 
Provo1 Development Heather Sarmiento 
Provo3 Marketing Janet DeSoto 
Provot Legal James Mallory 
Provo1 Development John Pangilinan C Post Offices 
Provo2 Sales Jason Stevens C Distribution Lists 
Provo3 Marketing Ishmael Yacoub 
Provo Development Matt Barnard = © Users 


© Domains 





You use this dialog box to select the object (domain, post office, distribution list, or user) whose 
access you want to test. 


4 Select Domains, Post Offices, Distribution Lists, or Users to display the list you want. For 
example, if you want to see what access an individual user has, select Users. 


5 In the list, select the object you want to view, then click View Access. 
The tabbed pages show the access control settings for SMTP Incoming, SMTP Outgoing, 
IMAP4, and POP3 as they are applied to that user, distribution list, post office, or domain. 


View Access 


| SMTP outgoing | mapa | pops | 


Allow incoming SMTP messages by default 
Incoming SMTP messages can be any size 





‘Setting Source — 


Class of Service: --- 
Domain: 

Post Office: 

Member ID: 








6 To view the source for a specific setting, select the setting in the Setting box 


The Setting Source fields display the class of service being applied to the object. It also displays 
the Member ID through which the class is being applied. 
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View Access 


SMTP Incoming | SMTP Outgoing | mapa | POPS | 


Setting 
[ Allow incoming SMTP messages by default 0 
Incoming SMTP messages can be any size 


‘Setting Source 


Class of Service: Marketing 
Domain: Provo3 
Post Office: Marketing 
Member ID: idesoto 








7 When finished, click OK. 


47.1.4 Maintaining the Access Control Database 


The Access Control database stores the information for the various classes of service you have 
created. If any problems occur with a class of service, you can validate the database to check for 
errors with the records and indexes contained in the database. If errors are found, you can recover 
the database. 


The Access database, gwac . db, is located in the domain\wpgate\gwia directory. 
+ “Validating the Database” on page 755 
+ “Recovering the Database” on page 756 

Validating the Database 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click Access Control > Database Management to display the Database Management page. 
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Properties of GWIA 
SMTPMIME + | LDAP | POPSIMAPS | Server Directories | Reattach | Post Office Links | Grou 


Validate Database 
Validate checks for physical consistency. If problems are found, you should perform a Recover. 


Validate Now... 


Recover Database 
Recover can be performed even when the database is in use. Any database inconsistencies will be corrected, but may 


result in loss of information. 
Recover Now... 


Page Options... Cancel 








3 Click Validate Now. 
4 After the database has been validated, click OK. 


5 If errors were found, see Recovering the Database below. 


Recovering the Database 


If you encountered errors when validating the database, you must recover the database. During the 
recovery process a new database is created and all intact records are copied to the new database. 
Some records might not be intact, so you should check the classes of services to see if any 
information was lost. 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click Access Control > Database Management to display the Database Management page. 


Properties of GWIA 


SMTPMIME + | LDAP | POPSIMAP4 | Server Directories | Reattach | Post Office Links | Grol [4] >] 
l 


Validate Database 
Validate checks for physical consistency. If problems are found, you should perform a Recover. 


Validate Now... 


Recover Database 
Recover can be performed even when the database is in use. Any database inconsistencies will be corrected, but may 
result in loss of information. 


Recover Now... 


Page Options... 
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3 Click Recover Now. 
4 Click OK. 


5 Check your class of service list to make sure that it is complete. 


47.2 Blocking Unwanted E-Mail from the Internet 


The GroupWise Internet Agent includes the following features to help you protect your Group Wise 
system and users from unwanted e-mail: 

+ Section 47.2.1, “Real-Time Blacklists,” on page 757 

+ Section 47.2.2, “Access Control Lists,” on page 759 

+ Section 47.2.3, “Blocked.txt File,” on page 759 

+ Section 47.2.4, “Mailbomb (Spam) Protection,” on page 760 

+ Section 47.2.5, “Customized Spam Identification,” on page 761 

+ Section 47.2.6, “SMTP Host Authentication,” on page 762 

+ Section 47.2.7, “Unidentified Host Rejection,” on page 763 


47.2.1 Real-Time Blacklists 


Many organizations, such as Mail Abuse Prevention System (MAPS*) and SpamCop*, provide lists 
of IP addresses that are known to be open relay hosts or spam hosts. If you want to use free blacklist 
services such as these, or if you subscribe to fee-based services, you can define the blacklist 
addresses for these services. The Internet Agent then uses the defined services to ensure that no 
messages are received from blacklisted hosts. The following sections provide information to help 
you define blacklist addresses and, if necessary, override a host address included in a blacklist. 

+ “Defining a Blacklist Address” on page 757 


+ “Overriding a Blacklist” on page 759 


Defining a Blacklist Address 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click Access Control > Blacklists to display the Blacklists page. 
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Properties of GWIA 
SMTPMIME + | LDAP | POP3AMAP4 | Server Directories Reattach | Post Office Links | Groupi 


Blacklist Addresses 








Page Options... | Cancel | 








The Blacklist Addresses list displays the addresses of all blacklists that the Internet Agent 
checks when it receives a message from another SMTP host. The Internet Agent checks the 
first blacklist and continues checking lists until the sending SMTP host’s IP address is found or 
all lists have been checked. If the sending SMTP host’s IP address is included on any of the 
blacklists, the message is rejected. If you have the Internet Agent’s logging level set to Verbose, 
the log file includes information about the rejected message and the referring blacklist. 


This list corresponds with the Internet Agent’s /rbl switch. 
3 Click Add to display the New Blacklist Address dialog box. 


New Blacklist Address 


Address: 


Cancel 
Help 





The following list provides the names, Web sites, and blacklist addresses for two services that 
are free at the time of this release: 


Service Site Address 


Mail Abuse Prevention www.mail-abuse.org blackholes.mail-abuse.org 
System (MAPS) 


SpamCop www.spamcop.net bl.spamcop.net 


4 Type the blacklist address in the Address box, then click OK to add the address to the Blacklist 
Addresses list. 


5 If you have multiple blacklists in the Blacklist Addresses list, use the up-arrow and down-arrow 
to position the blacklists in the order you want them checked. The Internet Agent checks the 
blacklists in the order they are listed, from top to bottom. 


6 Click OK to save your changes. 
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Overriding a Blacklist 


In some cases, a blacklist might contain a host from which you still want to receive messages. For 
example, goodhost.com has been accidentally added to a blacklist but you still want to receive 
messages from that host. 


You can use the SMTP Incoming Exceptions list on a class of service to override a blacklist. For 
information about editing or creating a class of service, see Section 47.1.2, “Creating a Class of 
Service,” on page 748. 


47.2.2 Access Control Lists 


If you want to block specific hosts yourself rather than use a blacklist (in other words, create your 
own blacklist), you can configure a class of service that prevents messages from those hosts. You do 
this on the Internet Agent object’s Access Control Settings page by editing the desired class of 
service to add the hosts to the Prevent Messages From exception list on the SMTP Incoming tab. For 
example, if you wanted to block all messages from badhost.com, you could edit the default class of 
service to add badhost.com to the list of prevented hosts. 


You can also create a list of hosts that you always want to allow messages from, so you can create 
your own white list. 


For information about editing or creating a class of service, see Section 47.1.2, “Creating a Class of 
Service,” on page 748. 


47.2.3 Blocked.txt File 


ConsoleOne creates a blocked.txt file that includes all the hosts that have been added to the 
Prevent Messages From exceptions list for the default class of service (see Section 47.1, 
“Controlling User Access to the Internet,” on page 747). 


You can manually edit the blocked.txt file to add or remove hosts. To maintain consistency for 
your system, you can also copy the list to other Internet Agent installations. 


To manually edit the blocked. txt file: 


1 Open the blocked.txt file in a text editor. 
2 Add the host addresses. 


The entry format is: 


address1 
address2 
address3 


where address is either a hostname or an IP address. You can block on any octet. For example: 


IP Address Blocks 
*** 34 Any IP address ending with 34 
172.16.*.34 Any IP address starting with 172.16 and ending with 34 


172.16.10-34.* Any IP address starting with 172.16 and any octet from 10 to 34 


You can block on any segment of the hostname. For example: 
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Hostname Blocks 


provo*.novell.com  provo.novell.com 
provo1.novell.com 
provo2.novell.com 


*.novell.com gw.novell.com (but not novell.com itself) 


There is no limit to the number of IP addresses and hostnames that you can block in the 
blocked. txt file 


3 Save the file asblocked.txt. 


47.2.4 Mailbomb (Spam) Protection 


Multiple unsolicited messages (sometimes called a mailbomb or spam) from the Internet can 
potentially harm your GroupWise messaging environment. You can use the settings on the SMTP 
Security page to help protect your GroupWise system from malicious or accidental attacks. 


To configure the SMTP security settings: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Security Settings. 


Properties of GWIA 
SMTP/MIME + | LDAP | POP3AMAP4 | Server Directories | Access Control >| Reattach | Post Office Links | Groug 
Security Settings 
D Reject mail if sender's identity cannot be verified 
[7 Enable mailbomb protection 
Mailbomb Threshold 


= messages received within + seconds 


Mailbomb candidates that exceed this threshold will be discarded. 


Page Options... Cancel 








3 Fill in the fields: 


Reject Mail if Sender’s Identity Cannot be Verified: This setting lets you prevent messages 
if the sender’s host is not authentic. 


When this setting is turned on, the Internet Agent refuses messages from a smart host ifa DNS 
reverse lookup shows that a PTR record does not exist for the IP address of the sender’s host. 


When this setting is turned off, the Internet Agent accepts messages from any host, but display 
a warning if the initiating host is not authentic. 


This setting corresponds with the Internet Agent’s /rejbs switch. 
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Enable Mailbomb Protection: Mailbomb protection is turned off by default. You can turn it 
on by selecting this option. 


Mailbomb Threshold: When you enable Mailbomb protection, default values are defined in 
the threshold settings. The default settings are 30 messages received within 10 seconds. You 
can change the settings to establish an acceptable security level. 


Any group of messages that exceeds the specified threshold settings is entirely discarded. If 
you want to prevent future mailbombs from the mailbomb sender, identify the sender’s IP 
address (by looking at the Internet Agent’s console) and then modify the appropriate class of 
service to prevent mail being received from that IP address (Access Control > Settings). For 
more information, see Section 47.1.2, “Creating a Class of Service,” on page 748. 


The time setting corresponds with the Internet Agent’s /mbtime switch. The message count 
setting corresponds with the /mbcount switch. 


4 Click OK to save the changes. 


You can protect your system against mailbombs (spam). With mailbomb protection enabled, if the 
Internet Agent receives a certain number of messages (the default is 30) from the same host or IP 
address within a specific time interval (the default is 10 seconds), it discards the messages. 


47.2.5 Customized Spam Identification 


Before GroupWise 7, you could use the /xspam startup switch to flag messages for handling by the 
client Junk Mail Handling feature if they contained an x-spam-flag:yes in the MIME header. Starting 
in GroupWise 7, you can configure as many strings as needed to identify junk mail and you can use 
ConsoleOne to specify the strings. 


1 In ConsoleOne, right-click the Internet Agent, then click Properties. 
2 Click SMTP/MIME > Junk Mail. 


Properties of GWIA 
DAP | POPSAMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Group, 


Junk Mail 


F Flag any messages that contain x-spam-flag:yes or any of the following x-fields and values in the MIME header as 
junk mail: 





Page Options... | Cancel | 








3 Select Flag Any Messages, then specify the strings in the text box. 


Anti-spam services use different indicators to mark potential spam. One might use a string of 
asterisks; the more asterisks, the greater the likelihood that the message is spam. Another might 


Managing Internet Access 


761 


use a numerical value; the higher the number, the greater the likelihood that the message is 
spam. The following samples are taken from MIME headers of messages: 


X-Spam-Results: ***** 

X-Spam-Status: score=9 

Based on these samples, examples are provided below of lines that you could add to the list to 
handle the X-Spam tags found in the MIME headers of messages coming into your system. 
Example: 

X-Spam-Results: ***** 


This line marks as spam any message whose MIME header contained an X-Spam-Results tag 
with five or more asterisks. Messages with X-Spam-Results tags with fewer than five asterisks 
are not marked as spam. 


Example: 
X-Spam-Status: Yes 


This line marks as spam any message whose MIME header contained the X-Spam-Status tag 
set to Yes, regardless of the score. 


Example: 
X-Spam-Status: score=9 
X-Spam-Status: score=10 


These lines marks as spam any message whose MIME header has the X-Spam-Status tag set to 
Yes and had a score of 9 or 10. X-Spam-Status tags with scores less than 9 are not marked as 
spam. 


You can add as many lines as necessary to the list to handle whatever message tagging your 
anti-spam service uses. 


4 Click OK to save your list of strings. 


The list is saved in the xspam. cfg file in the domain\wpgate\ gwia directory. As described 
above, each line of the xspam.cfg file identifies an “X” header field that your anti-spam service is 
writing to the MIME header, along with the values that flag the message as spam. The Internet 
Agent examines the MIME header for any field listed in the xspam. cfg file. When a match 
occurs, the message is marked for handling by the GroupWise client Junk Mail Handling feature. 


47.2.6 SMTP Host Authentication 


The Internet Agent supports SMTP host authentication for both outbound and inbound message 
traffic. 


+ “Outbound Authentication” on page 762 
+ “Inbound Authentication” on page 763 
Outbound Authentication 


For outbound authentication to other SMTP hosts, the Internet Agent requires that the remote SMTP 
hosts support the AUTH LOGIN authentication method. To set up outbound authentication: 


1 Include the remote SMTP host’s domain name an authentication credentials in the 
gwauth.cfg file, located in the domain\wpgate\ gwia directory. The format is: 


domain name authuser authpassword 


For example: 
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smtp.novell.com remotehost novell 


2 Ifyou have multiple SMTP hosts that require authentication before they accept messages from 
your system, create an entry for each host. Make sure to include a hard return after the last 
entry. 


3 If you want to allow the Internet Agent to send messages only to SMTP hosts listed in the 
gwauth.cfg file, use the following startup switch: 


/forceoutboundauth 


With the /forceoutboundauth switch enabled, if a message is sent to an SMTP host not listed in 
the gwauth.cfg file, the sender receives an Undeliverable message. 


Inbound Authentication 


For inbound authentication from other SMTP hosts, you can use the /forceinboundauth startup 
switch to ensure that the Internet Agent accepts messages only from SMTP hosts that use the AUTH 
LOGIN authentication method to provide a valid GroupWise user ID and password. The remote 
SMTP hosts can use any valid Group Wise user ID and password. However, for security reasons, we 
recommend that you create a dedicated GroupWise user account for remote SMTP host 
authentication. 


47.2.7 Unidentified Host Rejection 


You can have the Internet Agent reject messages from unidentified sources. The Internet Agent 
refuses messages from a host if a DNS reverse lookup shows that a “PTR” record does not exist for 
the IP address of the sender’s host. 


If you choose not to have the Internet Agent reject messages from unidentified hosts, it accepts 
messages from any host, but it displays a warning if the sender’s host is not authentic. 


To configure the Internet Agent to reject messages from unidentified hosts: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click SMTP/MIME > Security Settings to display the Security Settings page. 


Properties of GWIA 
SMTP/IMIME + | LDAP | POPSIMAP4 | Server Directories | Access Control >| Reattach | Post Office Links | Groug 
Security Settings 
T Reject mail if sender's identity cannot be verified 
| Enable mailbomb protection 


Mailbomb Threshold 


+ messages received within + seconds 


Mailbomb candidates that exceed this threshold will be discarded. 





Page Options... Cancel 
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3 Turn on the Reject Mail if Sender s Identity Cannot Be Verified option. 
This setting corresponds with the Internet Agent’s /rejbs switch. 


4 Click OK to save your changes. 


47.3 Tracking Internet Traffic with Accounting 
Data 


The Internet Agent can supply accounting information for all messages, including information such 
as the message’s source, priority, size, and destination. 


The accounting file is an ASCII-delimited text file that records the source, priority, message type, 
destination, and other information about each message sent through the gateway. The file, which is 
updated daily at midnight (and each time the Internet Agent restarts), is called acct and is located 
in the xxx. prc directory. If no accountant is specified for the gateway in ConsoleOne, the file is 
deleted and re-created each day. Follow the steps below to set up accounting. 

+ Section 47.3.1, “Selecting an Accountant,” on page 764 

¢ Section 47.3.2, “Enabling Accounting,” on page 765 


+ Section 47.3.3, “Understanding the Accounting File,” on page 766 


47.3.1 Selecting an Accountant 


You can select one or more GroupWise users to be accountants. Every day at midnight, each 
accountant receives an accounting file (acct) that contains information about the messages the 
gateway sent that day. 

1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 

2 Click GroupWise > Gateway Administrators to display the Gateway Administrators page. 


Properties of GWIA 
LDAP | POP31MAP4 | Server Directories | Access Control ~| Reattach | Post Office Links 








Administrator Role 





r 
r 





Page Options... Cancel | 





3 Click Add, browse for and select the user you want to add, then click OK to add the user to the 
list of administrators. 
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4 Select the user in the list of administrators, then click Accountant. 


Properties of GWIA 


hsarmiento Development Pr ovo1 5 





; Administrator Role 
T Operator 
IV Accountant 
I Postmaster 
T Foreign Operator 





Page Options... 


&x) 


LDAP | POPSIMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise ~i 


| Gateway Administrators 





Add Delete 





OK Cancel Apply Help 








5 Click OK to save the changes. 


47.3.2 Enabling Accounting 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 


2 Click GroupWise > Optional Gateway Settings to display the Optional Gateway Settings page. 


Properties of GWIA 


POP3AMAP4 | Server Directories | Access Control “| Reattach | Post Office Links | GroupWise + |hos/ 


Directory Sync/Exchange: 
Accounting: 
Convert Status to Messages: 
Outbound Status Level: 
Enable Recovery: 
Retry Count: 
Retry Interval: 
Failed Recovery Wait: 
Network Reattach Command: 
Correlation Enabled: 
Correlation Age: 

rHTTP Settings 

HTTP User Name: 


HTTP Password: 


| Optional Gateway Settings 


None 


Yes 





[vo 


Undelivered 5 


Yes ha 
[na 

E seconds 

[3600 = seconds 





Pres 


14 S| days 








Set Password 





Page Options... 


3 Set Accounting to Yes. 


OK Cancel Apply Help 





4 Set Correlation Enabled to Yes. 


5 Click OK. 
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47.3.3 Understanding the Accounting File 


The following is an Accounting file entry for a single event. Each field in the entry is described 


below. 


0,11/25/2007, 21:58:39, 3DE29CD2.14E:7:6953, 


Mail,2,Provo,Research, jsmith, 4890 
Agenda, Provo, GWIA, sde23a9f.001,MIM!I 














Table 47-2 Accounting File Entry Fields 


Field 


Inbound/Outbound 


Date 
Time 


GroupWise message ID 


GroupWise message type 


GroupWise message 
priority 


GroupWise user’s domain 


GroupWise user’s post 


office 


GroupWise user’s ID 


GroupWise user’s account 
ID 


Message subject 


Gateway domain 
Gateway name 


Foreign message ID 


Foreign message type 


Example 


O 


11/25/2007 
21:58:39 
3DE29CD2. 14E:7:6953 


Mail 


Provo 


Research 


jsmith 


48909 


Meeting Agenda 


Provo 
GWIA 


sde23a9f.001 


MIME 
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9, Meeting 
E,hjonesGnovell.com,1,2,11388,0 


Description 


Displays | for inbound messages and O for 
outbound messages 


The date the message was processed. 
The time the message was processed. 


The unique GroupWise ID assigned to the 
message. 


Mail message, appointment, task, note, or 
phone message for outbound messages. 
Unknown for inbound messages. 


High priority = 1 
Normal priority = 2 
Low priority = 3 


The domain in which the GroupWise user 
resides. 


The post office where the GroupWise user’s 
mailbox resides. 


The GroupWise user's ID. For outbound 
messages, the GroupWise user is the message 
sender. For inbound messages, the GroupWise 
user is the message recipient. 


The GroupWise user’s account ID. The account 
ID is assigned on the user’s GroupWise Account 
page (User object > GroupWise > Account). 


The message’s Subject line. Only the first 32 
characters are displayed. 


The domain where the Internet Agent resides. 
The Internet Agent’s name. 


A unique ID for outbound messages. The 
identifier before the period (sde23a9f) uniquely 
identifies a message. The identifier after the 
period (001) is incremented by one for each 
message sent. 


The message type (MIME, etc.) 


Field Example Description 


Foreign user’s address hjones@novell.com The foreign user’s e-mail address. For inbound 
messages, the foreign user is the message 
sender. For outbound messages, the foreign 
user is the message recipient. 


Recipient count 1 The number of recipients. 


Attachment count 2 The number of attached files. The total count 
includes the message. 


Message size 11388 The total size, in bytes, of the message and its 
attachments. 
Other 0 Not used. 


You can use the Monitor Agent to generate a report based on the contents of this file. For more 
information, see Section 61.3.10, “Gateway Accounting Report,” on page 1011. 
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Configuring the Internet Agent 


As your Group Wise” system grows and evolves, you might need to modify Internet Agent 
configuration to meet the changing needs of your system. The following topics help you configure 
the Internet Agent: 


+ Section 48.1, “Changing the Link Protocol between the Internet Agent and the Message 
Transfer Agent,” on page 769 

+ Section 48.2, “Configuring an Alternate Internet Agent for a Domain,” on page 770 

¢ Section 48.3, “Binding the Internet Agent to a Specific IP Address,” on page 771 

+ Section 48.4, “Securing Internet Agent Connections with SSL,” on page 772 


48.1 Changing the Link Protocol between the 
Internet Agent and the Message Transfer Agent 
Before GroupWise 7, the Internet Agent and the MTA communicated by transferring message files 


through message queue directories, as shown in the following diagrams in GroupWise 7 
Troubleshooting 3: Message Flow and Directory Structure: 


+ “Mapped/UNC Link: Outbound Transfer to the Internet Successful” 

+ “Mapped/UNC Link: Inbound Transfer from the Internet Successful” 
Starting in GroupWise 7, you can configure the Internet Agent so that it uses TCP/IP to 
communicate with the MTA, instead of message files, as shown in the following diagrams: 

+ “TCP/IP Link: Outbound Transfer to the Internet Successful” 

+ “TCP/IP Link: Inbound Transfer from the Internet Successful” 
During installation of the Internet Agent, you had the opportunity to choose between a direct link 


(message files) and a TCP/IP link. If you did not choose the TCP/IP link during installation, you can 
configure the Internet Agent to use TCP/IP at any time. 


If you want to enable TCP/IP communication between the Internet Agent and the MTA, use 7102 or 
another available port number. If you do not want to enable TCP/IP communication, use 0 (zero) as 
the port number. 


1 In ConsoleOne®, right-click the Internet Agent, then click Properties. 
2 Click GroupWise > Network Address. 
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Properties of GWIA 


LDAP | POPIMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise ~ | NDS! 
| Network Address | 





TCPAP Address: jibd-nwe 








IPXISPX Address: | 
I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
Message Transfer: ol + Disabled 7 | 








HTTP: 9850 $| [Disabled =] 





SMTP: 25 $| pisabied + | 





110 $| [Disabled ~ | 





143 4 Disabled v| 




















389 $| pisabied ~ | 


Page Options... Cancel | Appy | Hep | 








3 Inthe TCP/IP Address field, click Edit, specify the IP address of the server where the Internet 
Agent is running, then click OK to return to the Network Address page. 


4 In the Message Transfer Port field, specify a unique port number; for example, 7102. 
5 Click OK to save the new link configuration for the Internet Agent. 
ConsoleOne then notifies the Internet Agent and MTA to restart using the new link protocol. 


48.2 Configuring an Alternate Internet Agent for 
a Domain 


By configuring the Internet Agent to communicate with the MTA by way of TCP/IP, you can 
configure an alternate Internet Agent for a domain, so that if the domain’s primary Internet Agent 
goes down, the MTA can fail over to another Internet Agent in your GroupWise system until the 
primary Internet Agent is up and running again. This feature is especially useful in large Group Wise 
systems with multiple Internet Agents that handle a lot of Internet messages. 


1 Make sure that you have configured the Internet Agents for TCP/IP, as described in Changing 
the Link Protocol between the Internet Agent and the Message Transfer Agent. 


2 In ConsoleOne, right-click the Domain object, then click Properties. 


3 Click GroupWise > Internet Addressing. 
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Properties of Provo’ 


vereun Wise” | NDS Rights + | Other | Rights to Files and Folders | 
{Internet Addressing || 


Preferred Address format: 


| isal 


Defined at: Corporate Mail 





Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 








Defined at: Corporate Mail 
T For incoming mail, recipients are known exclusively by this Internet domain name 


Internet Agent for outbound SMTPMIME messages: 











Defined at: Corporate Mail 


Alternate Internet Agent for outbound SMTP/MIME messages: 
<None> v 








Page Options... | Cancel | 





4 In the Alternate Internet Agent for Outbound SMTP/MIME Messages field, select an Internet 
Agent as an alternate for this domain. 


5 Click OK to save your changes. 


The MTA always tries to transfer outbound Internet messages to the primary Internet Agent first, so 
after an outage the primary Internet Agent automatically resumes its normal processing for the 
domain. 


48.3 Binding the Internet Agent to a Specific IP 
Address 


You can now cause the Internet Agent to bind to a specified IP address when the server where it runs 
uses multiple IP addresses. The specified IP address is associated with all ports used by the agent. 
Without an exclusive bind, the Internet Agent binds to all IP addresses available on the server. 


1 In ConsoleOne, browse to and right-click the Internet Agent object, then click Properties. 


2 Click GroupWise > Network Address to display the Network Address page. 
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POPSAMAP4 | Server Directories | Access Control ~| Reattach | Post Office Links | GroupWise + | NDS Rights ~vi 
Network Address 





TCPAP Address: jibd-nw 





IPXISPX Address: | 
I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
a 
Message Transfer: 7102 4 Disabled 7 | 








HTTP: 9850 $| [Disabled =] 





SMTP: 25 $| [Disabled + | 





110 $| [Disabled ~ | 





143 4 Disabled v| 




















389 $| [Disabled ~ | 


Page Options... cancel | Appy | Help 








3 Select Bind Exclusively to TCP/IP Address, then click OK to save your change. 


Corresponding Startup Switches 
You can also use the /ip startup switch in the Internet Agent startup file to establish an exclusive bind 
to the specified IP address. 


48.4 Securing Internet Agent Connections with 
SSL 


The Internet Agent can use the SSL (Secure Socket Layer) protocol to enable secure connections to 
other SMTP hosts, POP/IMAP clients, and the Internet Agent Web console. For the Internet Agent 
to do so, you must ensure that it has access to a server certificate file and that you’ve configured the 
connection types (SMTP, POP, IMAP, HTTP) you want secured through SSL. The following 
sections provide instructions: 


+ Section 48.4.1, “Defining the Certificate File,” on page 772 
+ Section 48.4.2, “Defining Which Connections Use SSL,” on page 773 


48.4.1 Defining the Certificate File 


To use SSL, the Internet Agent requires access to a server certificate file and key file. The Internet 
Agent can use any Base64/PEM or PFX formatted certificate file located on its server. If the Internet 
Agent’s server does not have a server certificate file, you can use the GroupWise Generate CSR 
utility to help you obtain one. For information, see Section 5.17.6, “GroupWise Generate CSR 
Utility (GWCSRGEN),” on page 83. 


To define the certificate file and key file that the Internet Agent will use: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click GroupWise > SSL Settings to display the SSL Settings page. 
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Properties of GWIA 
LDAP | POP31MAP4 | Server Directories | Access Control v | Reattach | Post Office Links 





Certificate file: 








SSL key file: 


Set Password 


Page Options... | Cancel | 








3 Fill in the Certificate File, SSL Key File, and Set Password fields: 


Certificate File: Specify the server certificate file that the Internet Agent will use. The 
certificate file must be in Base64/PEM or PFX format. If you type the filename rather than 
using the Browse button to select it, use the full path if the file is not in the same directory as the 
Internet Agent program. This setting corresponds to the Internet Agent’s /certfile switch. 


SSL Key File: Specify the key file associated with the certificate. If the private key is included 
in the certificate file rather than in a separate key file, leave this field blank. If you type the 
filename rather than using the Browse button to select it, use the full path if the file is not in the 
same directory as the Internet Agent program. This setting corresponds to the Internet Agent’s / 
keyfile switch. 


Set Password: Click Set Password to specify the password for the key. If the key does not 
require a password, do not use this option. This setting corresponds to the /keypasswd switch. 


4 If you want to define which connections (HTTP, SMTP, POP3, or IMAP4) use SSL, click 
Apply to save your changes, then continue with the next section, Section 48.4.2, “Defining 
Which Connections Use SSL,” on page 773. 


or 


Click OK to save your changes. 


48.4.2 Defining Which Connections Use SSL 


After you define the Internet Agent’s certificate and key file (see Section 48.4.1, “Defining the 
Certificate File,’ on page 772), you can configure which connections you want to use SSL. You can 
enable SSL connections to other SMTP hosts and the Internet Agent Web console, which means that 
an SSL connection is used if the other SMTP host or the Web browser (running the Web console) 
supports SSL. You can also enable or require SSL connections to POP3 and IMAP4 clients. If SSL 
is enabled, an SSL connection is used if the client supports SSL; if SSL is required, only SSL 
connections are accepted. 


To configure connections to use SSL: 
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1 In ConsoleOne, if the Internet Agent object’s property pages are not already displayed, right- 
click the Internet Agent object, then click Properties. 


2 Click GroupWise > Network Address to display the Network Address page. 


Properties of GWIA 


POPSAMAP4 | Server Directories | Access Control ~| Reattach | Post Office Links | GroupWise ~v | NDS Rights ~ 
Network Address 


TOPIP Address: ibd-nw 
[ 


IPX/SPX Address: 2] 





I Bind Exclusively to TCPAP Address 


SSL SSL Port 





Message Transter: Disabled ¥ | 





HTTP: Disabled 7 | 





SMTP: Disabled + | 








Disabled ¥ | 





Disabled x | 

















Disabled Y | 





Page Options. Cancel | Apply | Help 





3 Configure the SSL settings for the following connections: 


HTTP: Select Enabled to enable the Internet Agent to use a secure connection when passing 
information to the Internet Agent Web console. The Web browser must also be enabled to use 
SSL; if it is not, a non-secure connection is used. 


SMTP: Select Enabled to enable the Internet Agent to use a secure connection to other SMTP 
hosts. The SMTP host must also be enabled to use SSL or TLS (Transport Layer Security); if it 
is not, a non-secure connection is used. 


POP: Select from the following options to configure the Internet Agent’s use of secure 
connections to POP clients: 


+ Disabled: The Internet Agent does not support SSL connections. All connections are non- 
SSL through port 110. 


+ Enabled: The POP client determines whether an SSL connection or non-SSL connection 
is used. The Internet Agent listens for SSL connections on port 995 and non-SSL 
connections on port 110. 


+ Required: The Internet Agent forces SSL connections on port 995 and port 110. Non-SSL 
connections are denied. 


IMAP: Select from the following options to configure the Internet Agent’s use of secure 
connections to IMAP clients: 


¢ Disabled: The Internet Agent does not support SSL connections. All connections are non- 
SSL through port 143. 


+ Enabled: The IMAP client determines whether an SSL connection or non-SSL 
connection is used. The Internet Agent listens for SSL connections on port 993 and non- 
SSL connections on port 143. 


+ Required: The Internet Agent forces SSL connections on port 993 and port 143. Non- 
SSL connections are denied. 
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You can monitor the operation of the GroupWise® Internet Agent by using several different 
diagnostic tools. Each provides important and helpful information about the status of the Internet 
Agent and how it is currently functioning. Choose from the titles listed below to learn more about 
how to monitor the operations of the Internet Agent. 

+ Section 49.1, “Using the Internet Agent Server Console,” on page 775 

+ Section 49.2, “Using the Internet Agent Web Console,” on page 787 

+ Section 49.3, “Using Novell Remote Manager,” on page 789 

+ Section 49.4, “Using an SNMP Management Console,” on page 789 

+ Section 49.5, “Assigning Operators to Receive Warning and Error Messages,” on page 790 


+ Section 49.6, “Using Internet Agent Log Files,” on page 791 





+ Section 49.7, “Using Internet Agent Error Message Documentation,” on page 796 
+ Section 49.8, “Employing Internet Agent Troubleshooting Techniques,” on page 796 
+ Section 49.9, “Stopping the Internet Agent,” on page 796 


49.1 Using the Internet Agent Server Console 


The Internet Agent console provides information, status, and message statistics about the Internet 
Agent to help you assess its current functioning. 


Figure 49-1 Internet Agent Console 
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10:37:49 968 MTP: Message Transfer Protocol initialization... a 
10:37:49 968 MTP: Queue initialization... 

10:37:50 368 MTP: Queue initialization... 

10:37:50 968 Warning - A postmaster must be set for this gateway. 

10:37:53 FEC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running x 





NetWare The Internet Agent console always displays on the NetWare® server console. 
Linux: You must use the --show startup switch in order to display the Linux Internet Agent server 
console. 
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Windows: If the Internet Agent is running as a Windows service under the Local System User, it is 
displayed on the desktop only if the Allow Service to Interact with Desktop option was 
selected during installation or has been configured on the Internet Agent service’s General 


property page. 


Refer to the following sections for information about the specific sections and functionality included 
in the console: 

+ Section 49.1.1, “Description,” on page 776 

+ Section 49.1.2, “Status,” on page 776 

+ Section 49.1.3, “Statistics,” on page 777 

+ Section 49.1.4, “Logging,” on page 784 


+ Section 49.1.5, “Menu Functions,” on page 785 


49.1.1 Description 


The description section of the console identifies the Internet Agent and displays how long its has 
been running. 


Figure 49-2 Internet Agent Server Console 
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10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 
10:37:50 968 Warning - A postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running x 





Domain.Gateway: Displays the domain and Internet Agent names. 


Up Time: Displays the total length of time the Internet Agent has been running. If the Internet 
Agent terminates unexpectedly (such as in a power outage), the Up Time display does not reset to 0 
(zero). It shows the total time elapsed since the Internet Agent was last loaded after a proper 
termination. 


Description: Displays any descriptive information provided on the Internet Agent object’s 
Identification page (Internet Agent object > GroupWise > Identification). 


49.1.2 Status 


The Status section of the console provides a quick look at the Internet Agent’s current message 
processing activity, network connectivity, and information logging level. 
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Figure 49-3 Internet Agent Server Console 
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10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 
10:37:50 968 Warning - A postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running y 





Processing: Displays a rotating bar if the Internet Agent is running. If there is no bar, or if the bar is 
stationary for more than one minute, the Internet Agent is not running. 


GroupWise: Displays whether the Internet Agent’s network connection is OPEN or CLOSED. This 
network connection is the Internet Agent’s only link to GroupWise. The status indicates whether or 
not the Internet Agent can write to the wocsin directory and access the wocsout directory. The 
Internet Agent does a scan each cycle to see if these directories exist. If the status is CLOSED, the 
Internet Agent attempts to reattach to the network. 


It is normal for this field to display the word CLOSED for a minute or so after you start the Internet 
Agent. However, if the connection remains CLOSED, look for the wpcsin and wpcsout 
directories. If they are not created yet, start the Message Transfer Agent (MTA). 


Other Link: This field does not apply to the Internet Agent. It always says OPEN. 


Program: Displays the processing cycle. You can use the Gateway Time Settings page (/nternet 
Agent object > GroupWise > Gateway Time Settings) to adjust the processing cycle. 


Log Level: Displays the logging level the Internet Agent is currently using. The logging level 
determines how much data is displayed on the message portion of this screen and written to the log 
file. You can use the console menu options to override the default setting for the current session. For 
information, see Section 49.1.4, “Logging,” on page 784 


49.1.3 Statistics 


The Statistics section of the console can display five different sets of information: 


+ “Message Statistics” on page 778 

+ “SMTP Service Statistics” on page 778 
+ “POP Service Statistics” on page 780 
+ “IMAP Service Statistics” on page 782 
+ “LDAP Service Statistics” on page 783 
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Message Statistics 


The Message Statistics section of the console, shown below, is the default statistics section displayed 
by the Internet Agent console. 


Figure 49-4 Internet Agent Server Console 
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10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 368 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 
10:37:50 968 Warning - 4 postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running = 





Message Statistics shows the number of inbound and outbound messages processed by the Internet 
Agent. The Out and Jn columns display the cumulative message totals and the 70 Minutes column 
display snap shot totals for the last ten minutes. You change the time interval of the 10 Minutes 
column in ConsoleOne. For instructions, see Section 50.2.3, “Increasing Polling Time,” on 

page 801. 


Normal: Displays the number of inbound and outbound messages processed by the Internet Agent. 


Status: Displays the number of inbound and outbound status messages processed by the Internet 
Agent. The amount of status message traffic depends on the Outbound Status level (Internet Agent 
object > GroupWise > Optional Gateway Settings). If the Outbound Status level is set to Full, more 
status messages are generated. If the Outbound Status level is set to Undelivered, fewer status 
messages are generated. 


Passthrough: Displays the number of inbound and outbound passthrough messages the Internet 
Agent has processed. 


Convert Errors: Outbound messages are converted from Group Wise format to MIME or RFC-822 
format. Inbound messages are converted to Group Wise format. This field displays the number of 
inbound and outbound messages that the Internet Agent could not convert. 


Communication: Displays the number of communication errors encountered by the Internet Agent. 


Total Bytes: Displays the total number of bytes of inbound and outbound messages processed by 
the Internet Agent. 


SMTP Service Statistics 


The SMTP Service Statistics section, shown below, includes only the information for messages 
processed by the Internet Agent’s SMTP daemon. 


NetWare: Press F10-Options, then F9-Stats to switch to the SMTP Service Statistics. 
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Linux and Click Statistics > SMTP Service. 
Windows: 


Figure 49-5 SMTP Service Statistics Section of the Internet Agent Server Console 
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10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 

10:37:50 968 MTP: Queue initialization... 

10:37:50 968 Warning - A postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 
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10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running z 






Messages Sent: Displays the total number of SMTP messages sent by the Internet Agent during its 
current up time. 


Send Threads: The first number displays the number of threads currently being used to send SMTP 
messages. The second number displays the number of threads still available to the Internet Agent for 
sending SMTP messages. This is the total number of assigned send threads (by default, 8) minus the 
currently used threads. You can change the total number of assigned SMTP send threads in 
ConsoleOne (Internet Agent object > SMTP/MIME > Settings). For more information, see 

Section 46.1.1, “Configuring Basic SMTP/MIME Settings,” on page 717. 


Messages Received: Displays the total number of SMTP messages received by the Internet Agent 
during its current up time. 


Receive Threads: The first number is the number of threads currently being used to receive SMTP 
messages. The second number is the number of threads still available to the Internet Agent for 
receiving SMTP messages. This is the total number of assigned receive threads (by default, 16) 
minus the currently used threads. You can change the total number of assigned SMTP receive 
threads in ConsoleOne (Internet Agent object > SMTP/MIME > Settings). For more information, see 
Section 46.1.1, “Configuring Basic SMTP/MIME Settings,” on page 717. 


MX Lookup Errors: To resolve hostnames to IP addresses, the Internet Agent performs MX record 
lookups in DNS. This field displays the number of MX record lookups that failed. 


Unknown Hosts: Displays the number of SMTP hosts that the Internet Agent could not establish a 
connection with because the hostname could not be resolved to an IP address. 


TCP/IP Read Errors: Displays the number of TCP read errors encountered by the Internet Agent. 
A TCP read error occurs if the Internet Agent connects successfully to another SMTP host but is 
unable to process a TCP read command during the message transfer. 


TCP/IP Write Errors: Displays the number of TCP write errors encountered by the Internet Agent. 
A TCP write error occurs if the Internet Agent connects successfully to another SMTP host but is 
unable to process a TCP write command during the message transfer. 


Monitoring the Internet Agent 779 


Hosts Down: Displays the number of SMTP hosts that the Internet Agent could not establish a 
connection with in order to send or receive messages. The Internet Agent was able to resolve the 
hostname to an IP address, but the connection could not be established. 


Connections Denied: Displays the number of connections denied by the Internet Agent. A 
connection is denied if the host is blocked through: 


+ A Class of Service (Internet Agent object > Access Control > Settings). For more information, 
see Chapter 47.1, “Controlling User Access to the Internet,” on page 747. 


+ A blacklist (Internet Agent object > Access Control > Blacklists). For more information, see 
Chapter 47.2, “Blocking Unwanted E-Mail from the Internet,” on page 757. 


+ The Reject Mail if Sender’s Identity Cannot Be Verified setting (Internet Agent object > SMTP/ 
MIME > Security Settings), if it is enabled and the sender’s identity cannot be verified. For 
more information, see Section 47.2.4, “Mailbomb (Spam) Protection,” on page 760. 


Message Size Denied: Displays the number of SMTP messages that the Internet Agent did not send 
or receive because they exceeded the maximum message size. You can change the maximum 
message size in ConsoleOne (Internet Agent object > Access Control > Settings > edit class of 
service > SMTP Incoming tab or SMTP Outgoing tab). For more information, see Section 47.1, 
“Controlling User Access to the Internet,” on page 747. 


Relaying Denied: Displays the number of relay messages denied by the Internet Agent. A relay 
message is denied for the following reasons: 


¢ The Internet Agent is not enabled as a relay host (Internet Agent object > Access Control > 
SMTP Relay Settings). For more information, see Section 46.1.8, “Enabling SMTP Relaying,” 
on page 731. 


+ The relay message could not be authenticated. 
POP Service Statistics 


The POP Service Statistics section, shown below, provides information about the POP activity 
handled by the Internet Agent. 


NetWare: Press F10-Options, then F9-Stats to switch to the POP Service Statistics. 


Linux and Click Statistics > POP Service. 
Windows: 
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Figure 49-6 POP Service Statistics Section of the Internet Agent Server Console 
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Total Sessions: Displays the total number of POP3 sessions processed by the Internet Agent during 
its current up time. 


Active Sessions: Displays the number of currently active POP3 sessions. 


Idle Sessions: Displays the number of threads still available to the Internet Agent for POP3 
sessions. This is the total number of assigned POP3 threads (by default, 10) minus the active 
sessions. You can change the total number of assigned POP3 threads in ConsoleOne (Internet Agent 
object > POP3/IMAP4 > Settings). For more information, see Section 46.3, “Configuring POP3/ 
IMAP4 Services,” on page 739. 


Messages Sent: Displays the total number of GroupWise mailbox messages retrieved through POP3 
sessions. 


Normal Threads: Displays the number of POP threads that are busy and the number that are 
available. 


Secure Threads: Displays the number of POP SSL threads that are busy and the number that are 
available. 


Unknown Users: Displays the number of user logins that failed because the user does not exist in 
the GroupWise system. 


Authentication Errors: Displays the number of GroupWise user logins that failed because the user 
supplied an incorrect password. 


Retrieve Errors: Displays the number of errors generated because the Internet Agent could not 
transfer messages to the POP3 client. 


Conversion Errors: Displays the number of errors generated because the Internet Agent could not 
convert retrieved GroupWise messages to MIME format. 


TCP/IP Read Errors: Displays the number of TCP read errors encountered by the Internet Agent. 
A TCP read error occurs if the Internet Agent successfully opens a POP3 session but is unable to 
process a TCP read command during the session. 
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TCP/IP Write Errors: Displays the number of TCP write errors encountered by the Internet Agent. 
A TCP write error occurs if the Internet Agent successfully opens a POP3 session but is unable to 
process a TCP write command during the session. 


Denied Access Count: Displays the number of POP3 sessions that were denied because the user 
does not have POP3 access. POP3 access is controlled through the user’s Class of Service 
assignment (Internet Agent object > Access Control > Settings). For more information, see 
Section 47.1, “Controlling User Access to the Internet,” on page 747. 


Store Login Errors: Displays the number of GroupWise user logins that failed because the users’ 
Group Wise mailboxes were unavailable (for example, the post office is down or the Internet Agent 
link to the post office is down). 

IMAP Service Statistics 

The IMAP Service Statistics section, shown below, provides information about the IMAP activity 
handled by the Internet Agent. 

NetWare: Press F10-Options, then F9-Stats to switch to the IMAP Service Statistics. 


Linux and Click Statistics > IMAP Service. 
Windows: 


Figure 49-7 IMAP Service Statistics Section of the Internet Agent Server Console 
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10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running x 





Total Sessions: Displays the total number of IMAP4 sessions processed by the Internet Agent 
during its current up time. 


Active Sessions: Displays the number of currently active IMAP4 sessions. 


Sessions Available: Displays the number of threads still available to the Internet Agent for IMAP4 
sessions. This is the total number of assigned IMAP4 threads (by default, 10) minus the active 
sessions. You can change the total number of assigned IMAP4 threads in ConsoleOne (Internet 
Agent object > POP3/IMAP4 > Settings). For more information, see Section 46.3, “Configuring 
POP3/IMAP4 Services,” on page 739. 


Messages Sent: Displays the total number of GroupWise mailbox messages retrieved through 
IMAP4 sessions. 
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Normal Threads: Displays the number of IMAP threads that are busy and the number that are 
available. 


Secure Threads: Displays the number of IMAP SSL threads that are busy and the number that are 
available. 


Unknown Users: Displays the number of user logins that failed because the user does not exist in 
the GroupWise system. 


Authentication Errors: Displays the number of GroupWise user logins that failed because the user 
supplied an incorrect password. 


Retrieve Errors: Displays the number of errors generated because the Internet Agent could not 
transfer messages to the IMAP4 client. 


Conversion Errors: Displays the number of errors generated because the Internet Agent could not 
convert retrieved GroupWise messages to MIME format. 


TCP/IP Read Errors: Displays the number of TCP read errors encountered by the Internet Agent. 
A TCP read error occurs if the Internet Agent successfully opens a IMAP4 session but is unable to 
process a TCP read command during the session. 


TCP/IP Write Errors: Displays the number of TCP write errors encountered by the Internet Agent. 
A TCP write error occurs if the Internet Agent successfully opens an IMAP4 session but is unable to 
process a TCP write command during the session. 


Denied Access Count: Displays the number of IMAP4 sessions that were denied because the user 
does not have IMAP4 access. IMAP4 access is controlled through the user’s Class of Service 
assignment (Internet Agent object > Access Control > Settings). For more information, see 
Section 47.1, “Controlling User Access to the Internet,” on page 747. 


Store Login Errors: Displays the number of GroupWise user logins that failed because the users’ 
Group Wise mailboxes were unavailable (for example, the post office is down or the Internet Agent 
link to the post office is down). 


LDAP Service Statistics 


The LDAP Service Statistics section, shown below, provides information about the LDAP activity 
handled by the Internet Agent. 


NetWare: Press F10-Options, then F9-Stats to switch to the LDAP Service Statistics. 


Linux: Click Statistics > LDAP Service. 
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Figure 49-8 LDAP Service Statistics Section of the Internet Agent Server Console 
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10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 
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Public Sessions: Displays the total number of LDAP sessions handled by the Internet Agent. 
Authenticated Sessions: This field is not used. 


Sessions Active: Displays the total number of LDAP sessions currently being processed by the 
Internet Agent. 


Sessions Available: Displays the number of threads still available to the Internet Agent for LDAP 
sessions. This is the total number of assigned LDAP threads (by default, 10) minus the active 
sessions. You can change the total number of assigned LDAP threads in ConsoleOne (Internet Agent 
object > LDAP > Settings). For more information, see Section 46.2, “Configuring LDAP Services,” 
on page 737. 


Search Requests: Displays the total number of LDAP queries against the GroupWise Address 
Book. 


Entries Returned: Displays the total number of Address Book entries returned for the search 
requests. For example, a single search request might return 25 entries. 


49.1.4 Logging 


The Logging section of the console, shown below, displays Internet Agent activity. The number and 
detail of these messages depend on the logging level you select. See Chapter 49.6, “Using Internet 
Agent Log Files,” on page 791 for more information. 
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Figure 49-9 Internet Agent Server Console 
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49.1.5 Menu Functions 


The following sections explain the menu options available in the Internet Agent console: 


+ “NetWare Internet Agent Console” on page 785 


+ “Linux and Windows Internet Agent Console” on page 786 


NetWare Internet Agent Console 
The menu functions on the NetWare Internet Agent console provide you with the following options. 


F6-Restart: Select this option to restart the Internet Agent. The Internet Agent rereads all of its 
configuration files (gwia.cfg, blocked. txt, gwauth.cfg, route.cfg, and so forth). 


F7-Exit: Select this option to terminate the Internet Agent and return to the system prompt. 


F8-Info: Select this option to display the Internet Agent configuration information in the Logging 
section of the console and in the log file. 


F9-Browse Log File: Select this option to browse the log file. The following browse options are 
displayed: 
+ F1-Cancel Browse: Select this option to exit browse mode and to return to the console. 


+ Up-arrow, Down-arrow: Press the Up-arrow and Down-arrow keys to scroll one line at a 
time. 


+ PgUp, PgDn: Press the PageUp and PageDown keys to scroll one screen at a time. 
+ Ctrl+PgUp: Press Ctrl+PageUp to move to the top of the log file. 
+ Ctrl+PgDn: Press Ctrl+PageUp to move to the bottom of the log file. 


F-10 Options: Select this option to display the options menu. The following options are displayed: 


+ F1-Exit Options: Select this option to return to the main Internet Agent console screen. 


+ F2-Log Level: Select this option to toggle between log levels. This option overrides the default 
log level set in the Log Settings page (Internet Agent object > GroupWise > Log Settings) or 
the /loglevel switch in the startup file for the current session. 
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+ F6-Colors: Select this option to scroll through the several color options. This option is useful if 
the Internet Agent station has a monochrome monitor. You can also use this option to help you 
quickly identify an Internet Agent if more than one is running. 


+ F8-Zero Stats: Select this option to reset the values in the Statistics section of the screen. 


¢ F9-Stats: Select this option to scroll through the SMTP service statistics, POP service 
statistics, IMAP service statistics, LDAP service statistics, and message transfer status. 
Linux and Windows Internet Agent Console 


The menu functions on the Linux and Windows Internet Agent console provide you with the 
following options. 


File > Restart (F6): Select this option to restart the Internet Agent. The Internet Agent rereads all 
of its configuration files (gwia.cfg, blocked.txt, gwauth.cfg, route.cfg and so forth). 


File > Exit (F7): Select this option to terminate the Internet Agent and return to the system prompt. 


Configuration > Agent Settings (F5): Select this option to display the Internet Agent configuration 
information. 


Configuration > Message Transfer Status: Select this option to display the status of the TCP/IP 
link between the Internet Agent and the MTA for the domain. 


Configuration > Edit Startup File: Select this option to open the gwia . cfg file in the default 
text editor. 


Log > Cycle Log: Select this option to close the current log file and start a new one. 
Log > View Log: Select this option to view the log files. 


Log > Log Settings: Select this option to set the logging level, turn on or off disk logging, and 
configure the maximum log file size and disk space. These changes apply only to the current 
session. 


Statistics > Message: Select this option to display the Message statistics. For information about the 
Message statistics, see “Message Statistics” on page 778. 


Statistics > SMTP Service: Select this option to display the SMTP Service statistics. For 
information about the SMTP Service statistics, see “SMTP Service Statistics” on page 778. 


Statistics > POP Service: Select this option to display the POP Service statistics. For information 
about the POP Service statistics, see “POP Service Statistics” on page 780. 


Statistics > IMAP Service: Select this option to display the IMAP Service statistics. For 
information about the IMAP Service statistics, see “IMAP Service Statistics” on page 782. 


Statistics > LDAP Service: Select this option to display the LDAP Service statistics. For 
information about the LDAP Service statistics, see “LDAP Service Statistics” on page 783. 


Statistics > Zero Statistics (F8): Select this option to reset the Message, SMTP, POP, IMAP, and 
LDAP statistics. 
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49.2 Using the Internet Agent Web Console 


You can use a Web browser interface, referred to as the Web console, to monitor the Internet Agent. 
You cannot use the Internet Agent Web console to change any of the Internet Agent’s settings. 
Changes must be made through ConsoleOne, the server console, or the startup file. 

+ Section 49.2.1, “Setting Up the Internet Agent Web Console,” on page 787 

+ Section 49.2.2, “Monitoring the Internet Agent at the Web Console,” on page 788 


49.2.1 Setting Up the Internet Agent Web Console 


The default HTTP port for the Internet Agent Web console is established during Internet Agent 
installation. You can change the port number and increase security after installation in ConsoleOne. 
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of GWIA 


POPSAMAP4 | Server Directories | Access Control ~| Reattach | Post Office Links | GroupWise ~ | NDS Rights ~ 
Network Address 





TCPIP Address: fiba-nw 





IPX/SPX Address: | 
I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
A 
Message Transfer: 7102 4 Disabled x | 








HTTP: 9850 $| [Disabled ~ | 





SMTP: 25 3 Disabled x | 





110 $| [Disabled ~ | 





143 $| pisabied ~ | 




















389 + Disabled x | 





Page Options... Cancel | Apply | Help | 





3 Make a note of the TCP/IP address and the HTTP port number. You need this information to 
access the Internet Agent Web console. 


4 If you want to use an SSL connection for the Internet Agent Web console, which provides 
optimum security, select Enabled in the HTTP SSL drop-down list. 


For additional instructions about using SSL connections, see Section 71.2, “Server Certificates 
and SSL Encryption,” on page 1123. 


5 Click Apply to save your changes on the Network Address page. 


If you want to limit access to the Internet Agent Web console, you can provide a username and 
password. 


6 Click GroupWise > Optional Gateway Settings to display the Optional Gateway Settings page. 
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Properties of GWIA 


POP3AMAP4 | Server Directories | Access Control ~ | Reattach | Post Office Links | GroupWise + 


Directory Sync/Exchange: 
Accounting: 
Convert Status to Messages: 
Outbound Status Level: 
Enable Recovery: 
Retry Count: 
Retry Interval: 
Failed Recovery Wait: 
Network Reattach Command: 
Correlation Enabled: 
Correlation Age: 

HTTP Settings 

HTTP User Name: 


HTTP Password: 


Page Options... 


| Optional Gateway Settings 


NDS 





None 


Yes 





No 





Undelivered 





Yes 
10 «9 


5 = seconds 


3600 3 seconds 





Yes 


14 $I days 








Set Password 





OK | Cancel Apply | 


Help | 





7 Inthe HTTP User Name field, enter an arbitrary username (for example, gwia). 


8 Click Set Password to assign a password (for example, monitor). 


9 Click OK to save your changes. 


ConsoleOne then notifies the Internet Agent to restart to put the new settings into effect. 


49.2.2 Monitoring the Internet Agent at the Web Console 


1 Ina Web browser, enter the following: 


http://IP address:agent port (non-secure server) 


Or 


https://IP address:agent port (secure server) 


where IP address is the IP address or hostname of the server where the Internet Agent is 
running, and HTTP. port is the port number assigned to the agent. If you used the default port 
during installation, the port number is 9850. 


2 Ifprompted, enter the Web console username and password. 


The Internet Agent Web console is displayed. 
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| MTP Status | Help 


UpTime: 4 Days 5 Hrs 23 Mins 


Restart Internet Agent 


Message Statistics 





Out 10 Minutes In 10 Minutes 

Normal 0 0 0 0 
Status 0 0 0 0 
Passthrough 0 0 0 0 

Conv Errors 0 0 0 0 
Comm Errors a 0 0 0 

Total Bytes 0.0 0.0 

Messages Sent 0 | Messages Received 0 
Active Send Threads 0 | Active Receive Threads 0 
Available Send Threads 8 | Available Receive Threads 16 
MX Lookup Errors 0 | Unknown Hosts 0 
TCP/IP Read Errors O | TCP/IP Write Errors 0 
Hosts Down O | Connections Denied 0 
Message Size Denied 0 | Relaying Denied 0 


POP3 Service Statistics 


Total Sessions 0 | Messages Sent 0 
Active Sessions O | Normal Threads 0:10 





The Web console has five pages (Status, Configuration, Environment, and Log Files, and MTP 
Status). You can click Help on any page for information about the page. 


49.3 Using Novell Remote Manager 


If the Internet Agent is running on NetWare 6.5 or on Novell Open Enterprise Server (OES), you can 
use the IP Address Management feature in Novell Remote Manager (Manage Server > IP Address 
Management) to view the IP address and port configuration for the Internet Agent. This is also true 
for other GroupWise agents (MTA, POA, and WebAccess Agent) running on NetWare 6.5/OES 
servers. 





IMPORTANT: If the Internet Agent is running in protected mode on NetWare, it does not display 
in Novell Remote Manager. 





You access Novell Remote Manager by entering the following URL in a Web browser: 
http://server address: 8008 


For example: 
http://172.16.5.18:8008 


For more information about using Novell Remote Manager, see the NetWare 6.5 Documentation 
Web site (http://www.novell.com/documentation/nw65) and the Novell Open Enterprise Server 
Documentation Web site (http://www.novell.com/documentation/oes). 


49.4 Using an SNMP Management Console 


The Internet Agent can be monitored through an SNMP management console, such as the one 
provide with Novell® ZENworks® Server Management. 


Before you can monitor the Internet Agent through an SNMP management console, you must 
compile the Internet Agent’s MIB (Management Information Base) file. The Internet Agent’s MIB 
file, named gwia.mib, is located in the agents\snmp directory on the GroupWise 7 
Administrator CD or in the GroupWise software distribution directory. 


The MIB file contains all the Trap, Set, and Get variables used for communication between the 
Internet Agent and management console. The Trap variables provide warnings that point to current 
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and potential problems. The Set variables allow you to configure portions of the application while it 
is still running. The Get variables display the current status of different processes of the application. 


To compile the MIB file: 


1 Copy the Internet Agent MIB (gwia.mib) to the SNMP management console’s MIB 
directory. 


2 Compile the MIB file. 
3 Create a profile that uses the Internet Agent MIB, then select that profile. 


49.5 Assigning Operators to Receive Warning 
and Error Messages 


You can select GroupWise users to receive warning and error messages issued by the Internet Agent. 
Whenever the agent issues a warning or error, these users, called operators, receive a message in 
their mailboxes. You can specify one or more operators. 


An operator can also shut down the Internet Agent by sending a mail message addressed as follows: 


gwia: shutdown 
where gwia is your Internet Agent’s name. 
To assign an operator: 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click GroupWise > Gateway Administrators to display the Gateway Administrators page. 


Properties of GWIA 
LDAP | POP31MAP4 | Server Directories | Access Control ~| Reattach | Post Office Links |: 








Administrator Role 





Fr 
= 





Page Options... | Cancel | 





3 Click Add, select a user, then click OK to add the user to the Gateway Administrators list. 
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Properties of GWIA 


POPSAMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise + | nos Rig 
Gateway Administrators | 


ms 





Administrator Role 

[V Operator 

[ Accountant 

1 Postmaster 

[ Foreign Operator 


Page Options... Cancel | Apply | Help 











4 Make sure Operator is selected as the Administrator Role. 
5 If desired, add additional operators. 
6 Click OK. 


49.6 Using Internet Agent Log Files 


You can use the Internet Agent logging options to help you monitor its operation. By default, the 
Internet Agent logs information to its server console, Web console, and to a log file on disk. You can 
control the following logging features: 

+ The type of information to log. 

¢ Disabling disk logging (Windows Internet Agent only). 

+ How long to retain log files. 

+ The maximum amount of disk space to use for log files. 

+ Where to store log files. 
You can control logging through ConsoleOne, Internet Agent startup switches, and the Internet 


Agent console. The following table shows which logging options you can control from each 
location. 


Table 49-1 Logging Options 


Startup NetWare Linux Windows 
ConsoleOne Switches Console Console Console 
Logging Level Yes Yes Yes Yes Yes 
Disk Logging No No No Yes Yes 
Maximum Log File Age Yes Yes No Yes Yes 
Maximum Disk Space Yes Yes No Yes Yes 
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Startup NetWare Linux Windows 
ConsoleOne Switches Console Console Console 


Log File Location Yes Yes No No No 


The log settings in ConsoleOne are used as the default settings. Startup switches override the 
ConsoleOne log settings, and console settings override startup switches. 


+ Section 49.6.1, “Modifying Log Settings in ConsoleOne,” on page 792 


+ Section 49.6.2, “Modifying Log Settings through Startup Switches,” on page 793 


+ Section 49.6.3, “Modifying Log Settings through the Internet Agent Server Console,” on 
page 793 


+ Section 49.6.4, “Viewing Log Files,” on page 795 


49.6.1 Modifying Log Settings in ConsoleOne 


Through ConsoleOne, you can configure the following log settings: 


+ Log file location 

+ Logging level (applies to both console logging and disk logging) 
+ Maximum age for log files 

+ Maximum disk spaced used for log files 


The ConsoleOne settings are the default settings. The Internet Agent uses these settings unless you 
override them with startup switches in the gwia.cfg startup file or at the server console. 


To configure the default log settings in ConsoleOne: 


1 Right-click the Internet Agent object, then click Properties. 
2 Click GroupWise > Log Settings to display the Log Settings page. 


Properties of GWIA 
POPSAMAP4 | Server Directories | Access Control + | Reattach | Post Office Links IDS Rights v | 





Log File Path: 





Logging Level: Normal 





Max Log File Age: days 








Max Log Disk Space: KBytes 


Page Options... Cancel Apply 








3 Modify any of the following properties: 
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Log File Path: The Internet Agent creates a new log file each day and each time it is started. 
The log file is named mmddgwia.nnn, where mm is the month, dd is the day, and nnn is a 

sequenced number (001 for the first log file of the day, 002 for the second, and so forth). The 
default location of the log files depends on the platform where the Internet Agent is running. 


NetWare: domain\wpgate\gwia\000.pre 
Linux: /var/log/novell/groupwise/domain name.gwia 
Windows: c:\grpwise\gwia 


If you want to specify a different location, enter the directory path or browse to and select the 
directory. 


Logging Level: There are four logging levels: 
+ Off: Disables the logging function. 
+ Normal: Displays warnings and error messages. This is the preferred logging level. 


+ Verbose: Displays information about traffic, including non-delivery reports, in addition to 
warnings and error messages. Information includes the filename, path, message ID, and 
size of the message being processed; the IP address of any inbound SMTP connections; 
the Internet Agent-specific MSG number; and SMTP connection messages such as 
“Connect to novell.com” and “Accepted connection from 172.16.5.18 novell.com”. 


+ Diagnostic: Displays detailed function calls made by the Internet Agent. This level is not 
useful for most troubleshooting. Verbose is better for standard troubleshooting. 


The verbose and diagnostic logging levels do not degrade Internet Agent performance, but log 
files saved to disk consume more disk space when verbose or diagnostic logging is in use. 


Max Log File Age: Specify the number of days you want the Internet Agent to retain old log 
files. The Internet Agent retains the log file for the specified number of days unless the 
maximum disk space for the log files is exceeded. The default age is 7 days. 


Max Log Disk Space: Specify the maximum amount of disk space you want to use for log 
files. If the disk space limit is exceeded, the Internet Agent deletes log files, beginning with the 
oldest file, until the limit is no longer exceeded. The default disk space is 65536 KB. 


4 Click OK to save the log settings. 


49.6.2 Modifying Log Settings through Startup Switches 


You can use startup switches to override any log settings you configured in ConsoleOne. as 
described in Section 49.6.1, “Modifying Log Settings in ConsoleOne,” on page 792. Edit the 
gwia.cfg file to change switch settings, as described in Section 52.1.2, “Modifying the gwia.cfg 
File,” on page 814. 


For information about the startup switches that can be used to modify log settings, see 


Section 52.12, “Log File Switches,” on page 851. 


49.6.3 Modifying Log Settings through the Internet Agent 
Server Console 


+ “NetWare Internet Agent Server Console” on page 794 


+ “Linux or Windows Internet Agent Server Console” on page 794 


Monitoring the Internet Agent 


793 


NetWare Internet Agent Server Console 
You can use the NetWare Internet Agent console to set the logging level for the current session. 


Changes you make to logging level at the console apply only to the current session. When you 
restart the Internet Agent, the logging level is reset to the settings specified in ConsoleOne or the 
startup switches. See Section 49.6.1, “Modifying Log Settings in ConsoleOne,” on page 792 and 
Section 49.6.2, “Modifying Log Settings through Startup Switches,” on page 793. 


To modify the logging level: 
1 At the NetWare Internet Agent’s console, press F10-Options, then press F2-Log Level 
repeatedly to toggle among the available log levels: 
+ Off: Disables the logging function. 
+ Normal: Displays warnings and error messages. This is the preferred logging level. 


+ Verbose: Displays information about traffic, including non-delivery reports, in addition to 
warnings and error messages. Information includes the filename, path, message ID, and 
size of the message being processed; the IP address of any inbound SMTP connections; 
the Internet Agent-specific MSG number; and SMTP connection messages such as 
“Connect to novell.com” and “Accepted connection from 172.16.5.18 novell.com”. 


+ Diag: Displays detailed function calls made by the Internet Agent. This level is not useful 
for most troubleshooting. Verbose is better for standard troubleshooting. 


2 Press F1-Exit Options to return to the main console screen. 


Linux or Windows Internet Agent Server Console 


You can use the Windows Internet Agent console to override the following log settings for the 
current sessions: 

¢ Disk logging on/off 

+ Log file location 

+ Logging level (applies to both console logging and disk logging) 

+ Maximum age for log files 

+ Maximum disk spaced used for log files 
Changes you make to the log settings at the console apply only to the current session. When you 
restart the Internet Agent, the log level is reset to the level specified in ConsoleOne or the startup 


switches. See Section 49.6.1, “Modifying Log Settings in ConsoleOne,” on page 792 and 
Section 49.6.2, “Modifying Log Settings through Startup Switches,” on page 793. 


To modify the log settings: 


1 Inthe Windows Internet Agent console, click Log > Log Settings to display the Log Settings 
dialog box. 
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Log Settings x! 


Log Level Disk Logging 





© Normal @ On 

C Verbose C Off 
Log Maintenance Settings 

Maximum log file age: 7 Days 
Maximum log disk space: [65536 KBytes 





Cancel Help 





2 Change the desired settings: 


+ Log Level: Select Normal to display warnings and error messages; this is the preferred 
logging level. Select Verbose to display information about traffic, including non-delivery 
reports, in addition to warnings and error messages. Information includes the filename, 
path, message ID, and size of the message being processed; the IP address of any inbound 
SMTP connections; the Internet Agent-specific MSG number; and SMTP connection 
messages such as “Connect to novell.com” and “Accepted connection from 172.16.5.18 
novell.com”. 


+ Disk Logging: Select On or Off to enable or disable logging of information to log files. 


+ Maximum Log File Age: Specify the number of days you want the Internet Agent to 
retain old log files. The Internet Agent retains the log file for the specified number of days 
unless the maximum disk space for the log files is exceeded. The default age is 7 days. 


+ Maximum Log Disk Space: Specify the maximum amount of disk space you want to use 
for log files. If the disk space limit is exceeded, the Internet Agent deletes log files, 
beginning with the oldest file, until the limit is no longer exceeded. The default disk space 
is 65536 KB. 


49.6.4 Viewing Log Files 


You can view the log file for the current session, or you can view archived log files. The current log 
file is viewable through the Internet Agent console, as described in Section 49.1, “Using the Internet 
Agent Server Console,” on page 775, or in the Internet Agent Web console, as described in 

Section 49.2, “Using the Internet Agent Web Console,” on page 787. Archived files are viewable 
through the consoles or an ASCII text editor. 


Current Log File 


The current log file is displayed in the Logging window of the Internet Agent console, with only the 
most current operations visible. The log file is complete, and includes the gateway startup and 
configuration information and ongoing operations logged by time, including the shutdown 
operation. You can browse the file from top to bottom or perform a search for any text string you 
want. You can also view the current log file from the Internet Agent Web console. 


Archived Log Files 


The Internet Agent creates a new log file every day at midnight or every time it restarts. Older log 
files are not deleted for at least one day unless you have not allowed sufficient disk space for them to 
be archived. 
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Log files are named according to the date they were created. If the Internet Agent was restarted 
during the day, the file extension indicates which session is logged (for example 051810g.003 
indicates the third session logged for May 18). 


Archived log files are saved in ASCII. You can use any text editor to open a file or to print it. You 
can also view the log files from the Internet Agent console or the Internet Agent Web console. 


49.7 Using Internet Agent Error Message 
Documentation 


Internet Agent error messages are documented with the source and explanation of the error, possible 
causes of the error, and actions to take to resolve the error. See “Internet Agent Error Messages” in 
GroupWise 7 Troubleshooting 1: Error Messages. 


49.8 Employing Internet Agent Troubleshooting 
Techniques 


If you are having a problem with the Internet Agent but not receiving a specific error message, or if 
the suggested actions for the specific error did not resolve the problem, you can review more general 
troubleshooting strategies for dealing with Internet Agent problems. See “Strategies for Agent 
Problems” in GroupWise 7 Troubleshooting 2: Solutions to Common Problems. 


49.9 Stopping the Internet Agent 


The following sections describe the various methods you can use to shut down the Internet Agent: 
+ Section 49.9.1, “Using the Internet Agent Console,” on page 796 
+ Section 49.9.2, “Using a Command at the Command Line,” on page 796 
+ Section 49.9.3, “Using a Mail Message,” on page 797 
+ Section 49.9.4, “Using a Shutdown File,” on page 797 
49.9.1 Using the Internet Agent Console 
To stop the Internet Agent while at the server console: 


NetWare: Press F7-Exit, then select Yes. 


Linux and Click File > Exit. 
Windows: 


49.9.2 Using a Command at the Command Line 
To stop the Internet Agent at the command line: 


NetWare: unload gwia 
Linux: /etc/init.d/grpwise stop 


Windows: N/A 


796 GroupWise 7 Administration Guide 


49.9.3 Using a Mail Message 


The Internet Agent can be stopped by sending a shutdown message to the Internet Agent. In order to 
shut down the program with a message, the user sending the message must be defined as an operator 
for the Internet Agent. This prevents unauthorized users from shutting down the Internet Agent. For 
information about defining a user as an operator, see Section 49.5, “Assigning Operators to Receive 
Warning and Error Messages,” on page 790. 


The message to shut down the Internet Agent must be addressed to the Internet Agent, not a non- 
Group Wise domain. The syntax for the To line is: 


gwia: shutdown 


where gwia is the name of the Internet Agent object. 


49.9.4 Using a Shutdown File 


The Internet Agent can also be stopped by placing a file named shutdown in the 
domain\wpgate\gwia\000.prc directory. When the Internet Agent sees this file, it deletes 
the file and shuts down. 
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Optimizing the Internet Agent 


The following sections provide information about some of the methods you can use to optimize the 
speed and reliability of the GroupWise® Internet Agent: 

+ Section 50.1, “Relocating the Internet Agent’s Processing Directories,” on page 799 

+ Section 50.2, “Increasing Internet Agent Speed,” on page 801 

+ Section 50.3, “Automating Reattachment to NetWare Servers,” on page 802 


50.1 Relocating the Internet Agent’s Processing 
Directories 


The Internet Agent uses several directories to process message files. For best performance, these 
directories should be located on the same server where the Internet Agent is running. 


NetWare: If you installed the Internet Agent on a different server from where the domain is located, 
you should move the Internet Agent’s processing directories to the server where the 
Internet Agent is running. 


Linux: If you installed the Internet Agent on a different server from where the domain is located, 
you should move the Internet Agent’s processing directories to the server where the 
Internet Agent is running. 


Windows: The Internet Agent Installation program creates the Internet Agent’s processing directories 
on the Windows server when it installs the Windows Internet Agent, so you typically don’t 
need to move them. 


To define the location of the Internet Agent’s directories: 


1 In ConsoleOne®, right-click the Internet Agent object, then click Properties. 


2 Click Server Directories > Settings to display the server directories Settings page. 


Properties of GWIA 


POP31M4P4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise + | NDS Rights vi 
Settings 


These directories should be local to the Internet Agent server. 


Conversion Directory: 








SMTP Queues Directory: 
WBD-NVVisysigwsystem\provol Wwpgate GVA, 





Advanced... 


Page Options... Cancel Apply 
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3 Fill in the fields: 


Conversion Directory: Select the directory where the Internet Agent stores temporary files for 
message conversion. The default conversion directory depends on the Internet Agent platform. 


NetWare: domain\wpgate\gwia000.prc\gwwork 
Linux: domain/wpgate/gwia/000.prc/gwwork 
Windows: c:\grpwise\gwia 


If you type a path to a Windows drive (rather than using the Browse button to select the 
directory), you must use UNC path syntax. 


This setting corresponds with the Internet Agent’s /work switch. 


SMTP Queues Directory: Select the directory where the Internet Agent stores messages being 
routed to and from the Internet. The default directory depends on the Internet Agent platform. 


NetWare: domain\wpgate\gwia 
Linux: domain/\wpgate/gwia 
Windows: c:\grpwise\gwia 


Four subdirectories are created under the SMTP queues directory: defer, send, receive, and 
result. 


This setting corresponds with the Internet Agent’s /dhome switch. 
4 Click the Advanced button. 


Advanced Server Directories 





SMTP Service Queues Directory: | 


| (E Cancel 
This directory has two purposes: Help 


1. Troubleshooting message processing problems 
2. Inserting third-party software into the message processing 


For more information, click Help. 





5 Fill in the field: 


SMTP Service Queues Directory: If you want, specify a secondary SMTP queues directory 
for outbound messages. This secondary directory can be helpful for troubleshooting by 
providing a way to trap messages before they are routed to the Internet. You can also use the 
secondary directory to run third-party utilities such as a virus scanner on Internet-bound 
messages. 


The Internet Agent places all outbound messages in this secondary directory. The messages 
must then be moved manually (or by another application) to the primary SMTP queues’ send 
directory (see Step 3) before the Internet Agent routes them to the Internet. 


This setting corresponds with the /smtphome switch. 


If you type a directory path rather than using the Browse button to select a directory, make sure 
you use UNC path syntax. 


6 Click OK to close the dialog box. 
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7 Click OK to save the changes to the directory locations. 


50.2 Increasing Internet Agent Speed 


You can implement the following procedures to help enhance the Internet Agent’s processing speed: 


+ Section 50.2.1, “Sending and Receiving Threads,” on page 801 
¢ Section 50.2.2, “Changing the Maximum Packet Received Buffers,” on page 801 
+ Section 50.2.3, “Increasing Polling Time,” on page 801 


¢ Section 50.2.4, “Decreasing the Timeout Cycles,” on page 802 


50.2.1 Sending and Receiving Threads 


The Internet Agent uses sending and receiving threads to process incoming and outgoing messages. 
The more threads you make available, the more messages the Internet Agent can process 
concurrently. However, threads place a demand on the server’s resources. Too many threads can 
monopolize memory and CPU utilization. 


Make sure you balance your processing speed requirements with the other applications running on 
the same server as the Internet Agent. 


For information about adjusting the SMTP sending and receiving threads, see Section 46.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 717. 


50.2.2 Changing the Maximum Packet Received Buffers 


This option is available only for the NetWare® version. If you leave the send and receive threads at 
their default settings, you probably do not need to change the Maximum Packet Received Buffers 
parameter. However, if you significantly increase the number of send and receive threads, you 
should increase the default Maximum Packet Received Buffers parameter to better accommodate the 
SMTP processes. You must change this parameter at the server. 


50.2.3 Increasing Polling Time 


Incoming and outgoing messages are stored in priority queues. The Internet Agent polls these 
queues and then forwards the messages for distribution. The Time option lets you control how often 
the Internet Agent polls these queuing directories. Make sure you balance polling time requirements 
with the other applications running on the same server as the Internet Agent. 


1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click GroupWise > Gateway Time Settings to display the Gateway Time Settings page. 
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Properties of GWIA 
LDAP | POP31MAP4 | Server Directories | Access Control v | Reattach | Post Office Links 


Send/Receive Cycle: 120 i seconds 
Minimum Run: 0 = seconds 


= 
Idle Sleep Duration: 30 1 seconds 








Snap Shot Interval: 600 $ seconds 


Page Options... 








3 Modify the following settings: 


Idle Sleep Duration: Select the time, in seconds, you want the Internet Agent to idle after it 
has processed its queues. A low setting, such as 5 seconds, speeds up processing but requires 
more resources. A higher setting slows down the Internet Agent but requires fewer resources by 
reducing the number of network polling scans. 


Snap Shot Interval: The Snap Shot Interval is a sliding interval you can use to monitor 
Internet Agent activity. For example, if the Snap Shot Interval remains at the default (10 
minutes), the Snap Shot columns in the console display only the previous 10 minutes of 
activity. 


4 Click OK to save the changes. 


50.2.4 Decreasing the Timeout Cycles 


The Internet Agent has a series of switches that control its timeout settings. By decreasing the 
default time of the timeout cycles you might be able to slightly increase the Internet Agent speed. 
However, the timeout cycles do not place an extremely significant burden on the overall 
performance of the Internet Agent so the effect might be minimal. You should consider this option 
only after you have tried everything else. 


For information about configuring the timeout settings in ConsoleOne, see Section 46.1.5, 
“Configuring the SMTP Timeout Settings,” on page 725. For information about configuring the 
settings using startup switches, see Section 52.6.9, “Timeouts,” on page 837. 


50.3 Automating Reattachment to NetWare 
Servers 


You can specify the reattach information for the Windows Internet Agent in ConsoleOne. Whenever 
the Windows Internet Agent loses its connection to a post office that is on a NetWare server, it reads 
the reattach information from the domain database and attempt to reattach to the NetWare server. 


The NetWare Internet Agent does not use this information. To reattach to NetWare servers where 
user post offices reside, the NetWare Internet Agent uses the user ID and password specified during 


802 GroupWise 7 Administration Guide 


installation. This user ID and password are specified in the gwia . c £g file. For more information, 
see Section 52.3, “Required Switches,” on page 821. 


To specify the reattachment information for the Windows Internet Agent: 
1 In ConsoleOne, right-click the Internet Agent object, then click Properties. 
2 Click Reattach > Settings to display the NetWare reattachment Settings page. 


Properties of GWIA 
POP3AMAP4 | Server Directories | Access Control + | ost Office Links | GroupWise + | NDS Rights + |{ 





Tree: | 





Context: | 





User ID: | 


Password: 


Each connection to a post office must be established using the above NetWare login information. 





Page Options... Cancel Apply 





3 Define the following properties: 


Tree: Specify the Novell® eDirectory™ tree that the Internet Agent logs in to. If the Internet 
Agent does not use an eDirectory user account, leave this field blank. 


Context: Specify the eDirectory context of the Internet Agent’s user account. If the Internet 
Agent does not use an eDirectory user account, leave this field blank. 


User ID: Specify the name of the user account. 
Password: Specify the password for the user account. 
4 Click OK. 
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Connecting GroupWise Systems 
and Domains Using the Internet 
Agent 


The Internet Agent can be used as a link between GroupWise” systems and between domains in the 
same Group Wise system. 

+ Section 51.1, “Connecting GroupWise Systems,” on page 805 

¢ Section 51.2, “Linking Domains,” on page 810 


51.1 Connecting GroupWise Systems 


If you have two independent Group Wise systems, you can use the Internet Agent to connect the two 
systems. This requires each GroupWise system to have the Internet Agent installed. 


After the systems are connected, you can synchronize information between the two systems so that 
users from both systems appear in the GroupWise Address Book. 


The following sections provide instructions: 


+ Section 51.1.1, “Overview,” on page 805 

+ Section 51.1.2, “Creating an External Domain,” on page 806 

¢ Section 51.1.3, “Linking to the External Domain,” on page 807 

+ Section 51.1.4, “Checking the Link Status of the External Domain,” on page 809 
+ Section 51.1.5, “Sending Messages Between Systems,” on page 810 


+ Section 51.1.6, “Exchanging Information Between Systems,” on page 810 


51.1.1 Overview 


For the purpose of the following discussion, GWSys1 and GWSys2 represent two separate 
Group Wise systems. 


When you connect the two systems, you connect the two domains where the Internet Agents are 
located. To do so: 


+ In GWSys1, define the GWSys2 Internet Agent domain as an external domain. Configure a 
domain link from the GWSys1 Internet Agent domain to the external domain, defining the link 
type as a gateway link that uses the Internet Agent. This allows GWSys1 to deliver messages to 
GWSys2. 


+ In GWSys2, define the GWSys1 Internet Agent domain as an external domain. Configure a 
domain link from the GWSys2 Internet Agent domain to the external domain, defining the link 
type as a gateway link that uses the Internet Agent. This allows GWSys2 to deliver messages to 
GWSys1. 
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After you’ve connected the two systems, users can send messages between the two systems by 
entering the recipients’ full addresses (userID.post_office.domain or user@host). 


If desired, you can simplify addressing by exchanging information between systems, which causes 
user information to be displayed in the Address Book. The easiest way to exchange information is to 
enable the External System Synchronization feature in both systems. When enabled, this 
synchronization constantly updates the Address Books in both systems so that local users can more 
easily address messages to and access information about the users in the external system. If you 
don’t want to enable the External System Synchronization feature, you can manually exchange 
information. 


51.1.2 Creating an External Domain 


The first step in connecting two GroupWise systems by way of Internet Agents is to create an 
external domain in each GroupWise system. The external domain represents the Internet Agent 
domain in the other GroupWise system and provides the medium through which you define the link 
to the other system. 


To create an external domain: 


1 In ConsoleOne®, right-click Group Wise System, then click New > External Domain to display 
the Create External Group Wise Domain dialog box. 


Create External GroupWise Domain 


Domain name: 





Domain Database Location (optional): 








Time Zone: 
(GMT-07:00) Mountain Time (US & Canada) 





Version: 
z 





Link To Domain: 











Provo1 


|” Create another domain 





2 Fill in the following fields: 


Domain Name: Specify the name of the Internet Agent domain as it is defined in the external 
Group Wise system. 


Domain Database Location (Optional): Leave this field empty. 
Time Zone: Select the time zone where the domain is physically located. 


Version: Select the external domain’s GroupWise version. The domain’s version is determined 
by its MTA version. The options are 4.X, 5.X, and 6, 6.5, and 7. 


Link to Domain: Select the domain in your system that you want to link to the external 
domain. This must be your system’s Internet Agent domain. By default, all messages sent to the 
external GroupWise system are routed to this domain. The domain’s MTA then routes the 
messages to the Internet Agent, which connects to the Internet Agent in the other system. 


3 Click OK to create the external domain. 


The external domain is added to your GroupWise system and is visible in the Group Wise View. 
In the following example, Dublin is the external domain. 
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Novell ConsoleOne DER) 


File Edit View Tools Help 


ee 








External GroupWise 
Primary 


Secondar: 
SQ Waltham i 


#@ Waltham2 


‘Waltharn1 K\gwsystemiwaitham 





4 Repeat Step 1 through Step 3 to define an external domain in the second GroupWise system. If 
you do not have administrative rights to that system, you must coordinate with that GroupWise 
system’s administrator. 


Novell ConsoleOne 
File Edit View Tools Help 


HREM 
ED My world [OO Domainname | pominntyee | 


Primary 
External GroupWise 
Secondary 





H-S} Dublin 
H- Walthami 
EE-D Waitham2 





[Matthami kK: \gwsystemiwaltham 





5 Continue with Linking to the External Domain. 


51.1.3 Linking to the External Domain 


After you define a domain from the other GroupWise system as an external domain in your system, 
you need to make sure that your system’s domains have the appropriate links to the external domain. 


The Internet Agent domain in your system needs to have a gateway link to the external domain. All 
other domains in your system have indirect links (through the Internet Agent domain) to the external 
domain. These links are configured automatically when the external domain was created. 


To configure the gateway link for your Internet Agent domain: 


1 In ConsoleOne, right-click the Internet Agent domain, then click GroupWise Utilities > Link 
Configuration to display the Link Configuration utility. 


Connecting GroupWise Systems and Domains Using the Internet Agent 807 


PC] GroupWise Link Configuration Tool - K:\gwsystem\waltham1 
File Edit Search View Window Help 


62] MM 2) RS) BIGI] peron pren 








Domain: Waltham1 

‘Outbound Links from Walthami 

Direct Indirect Gateway Undefined 
S Dublin 

% Waltham2 














Direct: Indirect Undefined 
% Waltham2 











2 Inthe Outbound Links list, double-click the external domain to display the Edit Domain Link 
dialog box. 


KS Edit Domain Link XJ 


Description: How Waltham1 connects to Dublin OK 
Link Type: [Direct E 
lé Cancel 
Settings - 
Protocol: UNC fa 


UNC Path: —fiWED-NWisysigwsystem\dublin E| Shena. 


I Override 





Help 





Maximum send message size: 0 4 MBytes 
Delay message size: 0 S| MBytes 


Transfer Pull Info... External Link Info... 
| 








3 Modify the following fields: 
Link Type: Select Gateway. 
Gateway Link: Select the name of your Internet Agent. 


Gateway Access String: Specify the hostname (Internet Agent object > SMTP/MIME > 
Settings) or foreign ID (Internet Agent object > GroupWise > Identification) assigned to the 
external domain’s Internet Agent (for example, gwia.ctp.com). 


Return Link: Leave this set to your Internet Agent domain. 
4 Click OK to save your changes. 


The external domain is displayed in the Gateway column of the Outbound Links list to show 
that the current domain is using a gateway link to the external domain. The % symbol indicates 
a gateway link. The t symbol indicates that the link configuration is not yet saved. To save the 
configuration information, click Edit > Save. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 


File Edit Search View Window Help 


ge kl] 2] Q à R by Maithami (Primary) =] (imm M 


Domain: Waltham1 
Outbound Links from Waltharn1 








REE: 








r Direct: Indirect: Gateway Undefined. 
LA Waltham2 S ? Dublin (GMA) 


rDirect Indirect Undefined 
% Waltham2 

















By default, the rest of the domains in your system should have an indirect link to the external 
domain. To verify this for a domain: 


In the list of domains on the Link Configuration utility’s toolbar, select the domain whose link 


you want to check, then verify that the external domain is displayed in the Indirect column of 
the Outbound Links list. 


The “2 symbol indicates an indirect link. If the x symbol is displayed, the link modification has 
not yet been propagated to the domain. 


KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 
File Edit Search View Window Help 


E E El Q AN Ps | }Wattham2 (Secondary) =i Ņ na 


Domain: Waltham? 
Outbound Links from Waltham2 














r Direct: Indirect: p Gateway Undefined 
Es ‘Waltham1 *? Dublin (Waltham1) 


p Direct: 
$% Waltham1 





rindirect 











6 After verifying your domain links, repeat Step 1 through Step 5 in the second GroupWise 
system to establish the links to the first GroupWise system. If you do not have administrative 
rights to that system, you must coordinate with that GroupWise system’s administrator. 


7 Continue with Checking the Link Status of the External Domain. 


51.1.4 Checking the Link Status of the External Domain 


The GroupWise MTA has monitoring capabilities that let you determine whether the domains in 
your system are properly linked to the external domain. When you look at the MTA’s operation 
screen, you should see the external domain added to the domain count in the Status box. 


If the link to the external domain is closed, the MTA should be logging and displaying the reasons 
under its Configuration Status function. 
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For more information about link protocols, see Chapter 10, “Managing the Links between Domains 
and Post Offices,” on page 137. 


51.1.5 Sending Messages Between Systems 


After you’ve established links between the Internet Agent domains in the two GroupWise systems, 
users in one system can send message to recipients in the other system by including the recipients’ 
fully-qualified Group Wise addresses: 

userID.post office.domain or user@host 


To simplify addressing for your GroupWise users, you can exchange information between the two 
systems. This enables users in your GroupWise system to use the Address Book when selecting 
recipients from the other system. For information, see the next section, Exchanging Information 
Between Systems. 


51.1.6 Exchanging Information Between Systems 


Exchanging information between two GroupWise systems enables users in either system to use the 
Address Book when addressing messages to users in the other system. To exchange information, 
you can choose from the following methods: 


External System Synchronization: You can use the External System Synchronization feature to 
automatically exchange domain, post office, user, resource, and distribution list information 
between the two systems. After the initial exchange of information, any information that changes in 
one system is automatically propagated to the other system in order to synchronize the information 
in that system. This is the recommended method for exchanging information between two systems. 
For information about setting up synchronization between two external systems, see Section 4.8, 
“External System Synchronization,” on page 64. 


Manual Creation of Information: You can manually create the other systems’ objects (domains, 
post offices, users, resources, and distribution lists) as external objects in your GroupWise system. 
When doing so, the names of your external objects need to exactly match the names of the objects as 
defined in their system. Domains in your system link to the external domains indirectly through the 
first external domain you created (this is the external domain that one of your system’s domains has 
a direct link to). The advantage to this method is that you can choose which of the other system’s 
domains, post offices, users, resources, and distribution lists you want included in your system. The 
disadvantage is that there is a great amount of administrative overhead involved in creating all the 
objects and, after the objects are created, no automatic synchronization takes place so updates must 
be made manually. 


51.2 Linking Domains 


If you have domains that cannot be linked by way of a mapped or TCP/IP connection, you can 
connect them by way of gateway links, with the Internet Agent defined as the gateway. Both 
domains being linked must have an Internet Agent installed. 


For purposes of reducing confusion in the following steps, the two domains being connected are 
referred to as Provo and Cambridge. You should substitute your domains appropriately. 


To configure gateway links between two domains: 


810 GroupWise 7 Administration Guide 


1 In ConsoleOne, right-click the Provo domain, then click GroupWise Utilities > Link 
Configuration to display the Link Configuration utility. 


Gg GroupWise Link Configuration Tool - K:\gwsystem\waltham1 (EI 


File Edit Search View Window Help 


gs MM 12] QIX] PEI! Horn Primar 7 87) 
Domain: Waltham1 
Outbound Links from Waltham 





rDirect: Indirect Gateway Undefined 
A, Dublin 
% Waltham2 








r Direct Indirect Undefined 
% Waltham2 














2 Inthe Outbound Links list, double-click the Cambridge domain to display the Edit Domain 
Link dialog box. 


[E Edit Domain Link 
Description: How Yvaltham1 connects to Dublin 


OK 
Link Type: Direct x 


Cancel 
Settings Help 
Protocol: JUNC x 


UNC Path: MWBD-Nisysigwsystemidublin Scheduling... 


I Override 





Maximum send message size: 0 + MBytes 
Delay message size: 0 4 MBytes 


Transfer Pull Info... External Link Info... 








3 Modify the following fields: 
Link Type: Select Gateway. 
Gateway Link: Select the name of the Provo domain’s Internet Agent. 


Gateway Access String: Specify the hostname (Internet Agent object > SMTP/MIME > 
Settings) or foreign ID (Internet Agent object > GroupWise > Identification) of the Cambridge 
domain’s Internet Agent (for example, gwia.ctp.com). 


Return Link: Leave this set to the Provo domain. 
4 Click OK to save your changes. 


The Cambridge domain is displayed in the Gateway column of the Outbound Links list to show 
that the Provo domain is using a gateway link to it. The % symbol indicates a gateway link. 
The Î symbol indicates that the link configuration is not yet saved. To save the configuration 
information, click Edit > Save. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 DER) 
File Edit Search View Window Help 


ge 25] 2] Q à R by fatha (Primary) z Œ ul 


Domain: Waltham1 





Outbound Links from Waltharn1 
r Direct: Indirect 
% Waltham2 





Gateway Undefined. 
% ? Dublin (GWAA) 


Direct 
% Waltham2 


Indirect: 





Undefined 








By default, any domains that are already linked to your Provo domain should have an indirect 
link to the Cambridge domain through the Provo domain. To verify this for a domain: 


In the list of domains on the Link Configuration utility’s toolbar, select the domain whose link 


you want to check, then verify that the Cambridge domain is displayed in the Indirect column 
of the Outbound Links list. 


The “2 symbol indicates an indirect link. If the 3 symbol is displayed, the link modification has 
not yet been propagated to the domain. 


KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 
File Edit Search View Window Help 


E he] a El Q = LA bv fwatham2 (Secondary) = rm} na 
Domain: Waltham? 
Outbound Links from Waltham2 
r Direct: Indirect 
Es ‘Waltham1 *? Dublin (Waltham1) 








r Gateway Undefined. 


p Direct: 
$% Waltham1 





rindirect 











6 After verifying your domain links, repeat Step 1 through Step 5 in the second GroupWise 
system to establish the links to the first GroupWise system. If you do not have administrative 
rights to that system, you must coordinate with that GroupWise system’s administrator. 


The GroupWise MTA has monitoring capabilities that let you determine whether the domains in 
your system are properly linked. When you look at the MTA’s operation screen, you should see all 
domains, regardless of link type, included in the domain count in the Status box. 


If the link to a domain is closed, the MTA should be logging and displaying the reasons under its 


Configuration Status function. 


For more information about link protocols, see Chapter 10, “Managing the Links between Domains 


and Post Offices,” on page 137. 
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Using Internet Agent Startup 
Switches 





NOTE: Starting in GroupWise® 7 Support Pack 1, many Internet Agent configuration settings that 
were previously stored as startup switches in the Internet Agent configuration file (gwia.cfg) 
were moved into eDirectory™ so that they can be modified in ConsoleOne®. For background 
information about this change, see “Consolidated Configuration Information (v7.0.1)” in “What's 
New in GroupWise 7” in the GroupWise 7 Installation Guide. 





Startup switches let you modify the way the GroupWise Internet Agent works. Properly using 
startup switches can help you fine-tune the Internet Agent for your specific messaging environment. 


Choose from the following list to find out how to use Internet Agent startup switches, and for an 
explanation of the purpose for each of the switches. The switches are grouped into sections 
according to the features and functionality that they affect. 

+ Section 52.1, “How to Use Startup Switches,” on page 813 

+ Section 52.2, “Alphabetical List of Switches,” on page 815 

+ Section 52.3, “Required Switches,” on page 821 

¢ Section 52.4, “Console Switches,” on page 822 

¢ Section 52.5, “Environment Switches,” on page 823 

+ Section 52.6, “SMTP/MIME Switches,” on page 825 

+ Section 52.7, “POP3 Switches,” on page 842 

+ Section 52.8, “IMAP4 Switches,” on page 843 

+ Section 52.9, “HTTP (Web Console) Switches,” on page 845 

+ Section 52.10, “SSL Switches,” on page 846 

+ Section 52.11, “LDAP Switches,” on page 849 

+ Section 52.12, “Log File Switches,” on page 851 


52.1 Howto Use Startup Switches 


The Internet Agent reads its configuration file gwia.cfg at startup and restart. Only one switch is 
required in the gwia.cfg file. The /home switch points to the Internet Agent's gateway directory. 
This is always a subdirectory of wogate in the domain directory structure. 


You can use the gwia.cfg file to override primary configuration settings that are stored in the 
domain database (wodomain . db) and modified in ConsoleOne. You can also use the gwia.cfg 
file to set secondary configuration settings that are not available in ConsoleOne. Section 52.2, 
“Alphabetical List of Switches,” on page 815 indicates which settings are available in ConsoleOne 
and which settings are not. 


+ Section 52.1.1, “Changing Internet Agent Settings in ConsoleOne,” on page 814 
+ Section 52.1.2, “Modifying the gwia.cfg File,” on page 814 
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+ Section 52.1.3, “Editing Guidelines,” on page 814 


52.1.1 Changing Internet Agent Settings in ConsoleOne 


We recommend that you modify configuration settings in ConsoleOne rather than using 
corresponding switches in the gwia.cfg file. . 


52.1.2 Modifying the gwia.cfg File 


If you need to change the Internet Agent’s configuration and do not have access to ConsoleOne, you 
can manually edit the gwia . cfg file. Any changes you make to the gwia . cfg file override the 
primary settings in ConsoleOne so that the Internet Agent starts using the new settings. However, 
the primary settings are not changed in the domain database as a result of editing the gwia.cfg 
file. In order to specify secondary configuration settings that are not available in ConsoleOne, you 
must edit the gwia.cfg file. 


The location of the gwia . cfg file used by the Internet Agent depends on the Internet Agent’s 


platform: 

NetWare: The gwia.cfg file used by the NetWare® Internet Agent is located in the same 
directory as the agent (typically sys:\system). Do not edit the gwia . cfg file located in 
the domain\wpgate\gwia directory; if you do, the changes do not affect the 
Internet Agent. 

Linux: The gwia.cfg file used by the Linux Internet Agent is located in the /opt/nove11/ 


groupwise/agents/share directory. 


Windows: The gwia.cfg file used by the Windows Internet Agent is located in the 
domain\wpgate\gwia directory. Do not edit the gwia . cfg file located in the same 
directory as the Internet Agent program. This gwia . cfg file is only used to redirect the 
Internet Agent to the gwia. cfg file in the domain\wpgate\gwia directory. 


52.1.3 Editing Guidelines 


If you decide to manually edit the gwia.cfg file, keep the following guidelines in mind when 
making modifications: 


+ Archive a copy of the file in case you need to return to the original switch settings. 


+ Use a text editor to edit the file. 


+ The comment characters include the semicolon (;), pound sign (#), and asterisk (*), and are 
used to disable a switch or to add comments. The Internet Agent ignores any line that begins 
with a comment character. 


+ Changes made to the configuration file do not take effect until you restart the Internet Agent. 


¢ Switches used in the configuration file must begin with one of the following switch delimiters: 
/ (forward slash) or - (hyphen). For example, you can use /sd or -sd. On Linux, you can use the 
Linux double-hyphen standard (for example, --sd). 


+ You can use either a hyphen (-) or an equals sign (=) to separate a switch from its value. For 
example, you can use /sd-12 or /sd=12. If you use a hyphen rather than a forward slash as the 
switch delimiter, you must use an equal sign (for example, -sd=12). If you use the Linux 
double-hyphen standard, you must user a space (for example, --sd 12). 
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+ None of the switches or switch values are case sensitive. For example, /sd-12 is the same as / 


SD-12. 


+ Ifa switch is specified more than once in the configuration file or on the command line, and if 
it has a value (such as /loglevel=normal), only the last instance of the switch is used. 


+ The gwia.cfg file is used by default. However, you can also specify another configuration 
file or use startup switches on the command line when starting the Internet Agent program. If 
no other configuration file is specified on the command line (using the gwia @filename 
syntax), the default gwia . cfg configuration file is read and processed before, and in addition 
to, any command line switches. 


+ Ifa configuration file other than gwia .cfg is specified on the command line, the default 
gwia.cfg file is not read. 


52.2 Alphabetical List of Switches 


Primary configuration settings are available in ConsoleOne. Secondary configuration settings are 
not available in ConsoleOne and can be set only using switches in the gwia.cfg file. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


Table 52-1 Internet Agent Startup Switches 


NetWare Internet 
Agent 


/aql 


/aqor 
/noaqor 


/ari 


/attachmsg 
/noattachmsg 


/badmsg 


/blockrulegenmsg 


/certfile 


/cluster 
/color 
/dbchar822 


/dhome 


/defaultcharset 


/dia 
/nodia 


Linux Internet Agent 


--aql 


--agor 
--noaqor 
--ari 


--attachmsg 
--noattachmsg 


--badmsg 


--blockrulegenmsg 


--certfile 


N/A 
N/A 
--dbchar822 


--dhome 


--defaultcharset 


--dia 
--nodia 


Windows Internet 
Agent 


/aql 


/agor 
/noaqor 


Jari 


lattachmsg 
Inoattachmsg 


/badmsg 


/blockrulegenmsg 


/certfile 


N/A 
N/A 
/dbchar822 


/dhome 


/defaultcharset 


/dia 
/nodia 


ConsoleOne Settings 
SMTP/MIME > Address Handling > 
Sender’s Address Format 


SMTP/MIME > Address Handling > 
Place Domain and Post Office 
Qualifiers on Right of Address 


N/A 
N/A 


SMTP/MIME > Undeliverables > 
Undeliverable or Problem Message 


N/A 


GroupWise > SSL Settings > 
Certificate File 


N/A 
N/A 
N/A 


Server Directories > Settings > SMTP 
Queues Directory 


N/A 


SMTP/MIME > Address Handling > 
Ignore GroupWise Internet Addressing 
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NetWare Internet 
Agent 


N/A 


N/A 


/displaylastfirst 
/nodisplaylastfirst 


/dontreplaceunder 
score 
/replaceunderscore 


/dsn 
/nodsn 
/dsnage 
/etrnhost 


/etrnqueue 


/fd822 


/fdmime 


/flatfwd 
/noflatfwd 


/force7bitout 
/noforce7bitout 


/forceinboundauth 
/forceoutboundauth 


/fut 


/group 
/nogroup 


/help 
/hn 


/home 


Linux Internet Agent 


N/A 


N/A 


--displaylastfirst 
--nodisplaylastfirst 


--dontreplaceunder 
score 
--replaceunderscore 


--dsn 
--nodsn 
--dsnage 
--etrnhost 


--etrnqueue 


--fd822 


--fdmime 


--flatfwd 
--noflatfwd 


--force7bitout 
--noforce7bitout 


--forceinboundauth 
--forceoutboundauth 


--fut 


--group 
--nogroup 


--help 
--hn 


--home 
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Windows Internet 
Agent 
/dialpass 


/dialuser 


/displaylastfirst 
/nodisplaylastfirst 


/dontreplaceunder 
score 
/replaceunderscore 


/dsn 
/nodsn 
/dsnage 
/etrnhost 


/etrnqueue 


/fd822 


/fdmime 


/flatfwd/noflatfwd 


/force7bitout 
/noforce7bitout 


/forceinboundauth 
/forceoutboundauth 


/fut 


/group 
/nogroup 


/help 
/hn 


/home 


ConsoleOne Settings 


SMTP/MIME > Dial-Up Settings > 
Password 


SMTP/MIME > Dial-Up Settings > 
Username 


SMTP/MIME > Address Handling > 
Display Fullname as Lastname, 
Firstname 


SMTP/MIME > Address Handling > 
Do Not Replace Underscores with 
Spaces 


SMTP/MIME > ESMTP Settings > 
Enable Delivery Status Notification 
(DSN) 


SMTP/MIME > ESMTP Settings > 
DSN Hold Age 


SMTP/MIME > Dial-Up Settings > 
ETRN Host 


SMTP/MIME > Dial-Up Settings > 
ETRN Queue 


SMTP/MIME > Address Handling > 
Non-GroupWlse Domain for RFC-822 
Replies 


SMTP/MIME > Address Handling > 
Non-GroupWlse Domain for MIME 
Replies 


SMTP/MIME > Message Formatting > 
Enable Flat Forwarding 


SMTP/MIME > Settings > Use 7 Bit 
Encoding for All Outbound Messages 


N/A 
N/A 


SMTP/MIME > Undeliverables > 
Forward Undeliverable Inbound 
Messages 


SMTP/MIME > Address Handling > 
Expand Groups on Incoming 
Messages 


N/A 


SMTP/MIME > Settings > Hostname/ 
DNS Record “A Record” Name 


N/A 


NetWare Internet 
Agent 
Ihttppassword 


/httpport 


/httprefresh 
/nttpssl 


/httpuser 


limap4 


/imapport 


/imapreadlimit 


/imapsport 


/imapssl 


limip 


/noimip 


/ip 


lipa 

lipp 
liso88591is 
lit 


/keepsendgroups 
/nokeepsendgroups 


/keyfile 
/keypasswd 
/killthreads 
/nokillthreads 


/koi8 
/ldap 


Linux Internet Agent 


--httppassword 


--httpport 


--httprefresh 
--httpssl 


--httpuser 


--imap4 


--imapport 


--imapreadlimit 


--imapsport 


--imapssl 


--imip 


--noimip 


--ip 


--ipa 

--ipp 
--iso88591is 
--it 


--keepsendgroups 
--nokeepsendgroups 


--keyfile 
--keypasswd 
--killthreads 
--nokillthreads 


--koi8 


--Idap 


Windows Internet 
Agent 
/httppassword 


/httpport 


/httprefresh 
/httpssl 


/httpuser 


limap4 


/imapport 


/imapreadlimit 


/imapsport 


limapssl 


limip 


Inoimip 


lip 


lipa 

lipp 
liso88591is 
lit 


/keepsendgroups 
/nokeepsendgroups 


/keyfile 


/keypasswd 


/killthreads 
/nokillthreads 


/koi8 
/\dap 


ConsoleOne Settings 
GroupWise > Optional Gateway 
Settings > HTTP Password 


GroupWise > Network Address > 
HTTP Port 


N/A 


GroupWise > Network Address > 
HTTP SSL 


GroupWise > Optional Gateway 
Settings > HTTP User Name 


POP3/IMAP4 > Settings > Enable 
IMAP4 Service 


GroupWise > Network Address > 
IMAP Port 


POP3/IMAP4 > Settings > Maximum 
Number of Items to Read 


GroupWise > Network Address > 
IMAP SSL Port 


GroupWise > Network Address > 
IMAP SSL 


SMTP/MIME > Settings > Enable iCal 
Service 


GroupWise > Network Address > Bind 
Exclusively to TCP/IP Address 


N/A 
N/A 
N/A 


POP3/IMAP4 > Settings > Number of 
Threads for IMAP4 Connections 


SMTP/MIME > Address Handling > 
Retain Distribution Lists on Outgoing 
Messages 


GroupWise > SSL Settings > SSL Key 
File 


GroupWise > SSL Settings > 
Password 


SMTP/MIME > Settings > Kill Threads 
on Exit or Restart 


N/A 


LDAP > Settings > Enable LDAP 
Service 
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NetWare Internet 
Agent 


/idapcntxt 
/\dapipaddr 
/\dapport 


/\dappwd 
Ildaprefcntxt 


Idaprefurl 
Idapserverport 
/I\dapserversslport 
/\dapssl 
/noldapssl 


Adapthrd 


/\dapuser 


log 


/logdays 


loglevel 


/logmax 


/maxdeferhours 


/mbcount 


/mbtime 


/mh 


/mime 


/mono 


/msgdeferinterval 


Linux Internet Agent 


--Idapentxt 
--Idapipaddr 
--Idapport 


--Ildappwd 
--Idaprefcntxt 


--Idaprefurl 
--Idapserverport 
--Idapserverssiport 
--Idapssl 
--noldapssl 


--Idapthrd 


--ldapuser 


--log 


--logdays 


--loglevel 


--logmax 


--maxdeferhours 


--mbcount 


--mbtime 


--mh 


--mime 


N/A 


--msgdeferinterval 
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Windows Internet 
Agent 


Idapentxt 
/\dapipaddr 
Idapport 


/\dappwd 
/\daprefcntxt 


/\daprefurl 
lIdapserverport 
lIdapserverssiport 
lIdapssl 
Inoldapssl 


/\dapthrd 


/\dapuser 


log 


/logdays 


loglevel 


/logmax 


/maxdeferhours 


/mbcount 


/mbtime 


/mh 


/mime 


N/A 


/msgdeferinterval 


ConsoleOne Settings 


LDAP > Settings > LDAP Context 
N/A 


GroupWise > Network Address > 
LDAP Port 


N/A 
LDAP > Settings > LDAP Context 


LDAP > Settings > LDAP Referral 
URL 


GroupWise > Network Address > 
LDAP Port 


GroupWise > Network Address > 
LDAP SSL Port 


GroupWise > Network Address > 
LDAP SSL 


LDAP > Settings > Number of LDAP 
Threads 


N/A 


GroupWise > Log Settings > Log File 
Path 


GroupWise > Log Settings > Max Log 
File Age 


GroupWise > Log Settings > Log Level 


GroupWise > Log Settings > Max Log 
Disk Space 


SMTP/MIME > Settings > Maximum 
Number of Hours to Retry a Deferred 
Message 


SMTP/MIME > Security Settings > 
Enable Mailbomb Protection and 
Mailbomb Threshold 


SMTP/MIME > Security Settings > 
Enable Mailbomb Protection and 
Mailbomb Threshold 


SMTP/MIME > Settings > Relay Host 
for Outbound Messages 


SMTP/MIME > Message Formatting > 
Default Message Encoding: MIME 


N/A 


SMTP/MIME > Settings > Intervals to 
Retry a Deferred Message 


NetWare Internet 
Agent 


/mudas 


/nasoq 
/noesmtp 


/noiso2022 
liso2022 


/nomappriority 
/mappriority 


/nosmtpversion 
/smtpversion 
/nosnmp 


/notfamiliar 
/familiar 


/nqpmt 


IP 


/password 


/pop3 


/nopop3 


/popintruderdetect 


/popport 


/popsport 


/popssl 


/pt 


/rbl 


/rd 


/realmailfrom 
/norealmailfrom 


Linux Internet Agent 


--mudas 


--nasoq 
--noesmtp 


--noiso2022 
--iso2022 


--nomappriority 
--mappriority 


--nosmtpversion 
--smtpversion 
--nosnmp 


--notfamiliar 
--familiar 


--nqpmt 


-p 


N/A 


--pop3 
--nopop3 


--popintruderdetect 


--popport 


--popsport 


--popssl 


--pt 


--rbl 


--rd 


--realmailfrom 
--norealmailfrom 


Windows Internet 
Agent 


/mudas 


/nasoq 
/noesmtp 


/noiso2022 
liso2022 


/nomappriority 
/mappriority 


/nosmtpversion 
/smtpversion 
/nosnmp 


/notfamiliar 
/familiar 


/nqpmt 


IP 

N/A 

/pop3 

/nopop3 
/popintruderdetect 
/popport 
/popsport 

/popssl 

--pt 

/rbl 


/rd 


/realmailfrom 
/norealmailfrom 


ConsoleOne Settings 


SMTP/MIME > Undeliverables > 
Amount of Original Message to Return 
to Sender When Message Is 
Undeliverable 


N/A 
N/A 
N/A 


SMTP/MIME > Message Formatting > 
Disable Mapping X-Priority Fields 


SMTP/MIME > Settings > Do Not 
Display GroupWise Information on an 
Initial SMTP Connection 


N/A 
N/A 


SMTP/MIME > Message Formatting > 
Enable Quoted Printed Message Text 
Line Wrapping 


SMTP/MIME > Settings > Scan Cycle 
for Send Directory 


N/A 


POP3/IMAP4 > Settings > Enable 
POP3 Service 


POP3/IMAP4 > Settings > Enable 
Intruder Detection 


GroupWise > Network Address > POP 
Port 


GroupWise > Network Address > POP 
SSL Port 


GroupWise > Network Address > POP 
SSL 


POP3/IMAP4 > Settings > Number of 
Threads for POP3 


Access Control > Blacklists > Blacklist 
Addresses 


SMTP/MIME > Settings > Number of 
SMTP Receive Threads 


SMTP/MIME > Address Handling > 
Use GroupWise User Address as Mail 
From: for Rule Generated Messages 
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NetWare Internet 
Agent 


/rejbs 


/relayaddsignature 


Irt 


/sd 


N/A 


/smtp 


/smtphome 


/smtpport 


/smtpssl 


/sslit 


/sslpt 


/st 


Itc 


/td 


Ite 


itg 
Itr 
/tt 


/usedialup 


/user 


Linux Internet Agent 


--rejbs 


--relayaddsignature 


--sd 


--show 


--smtp 


--smtphome 


--smtpport 


--smtpssl 


--sslit 


--ssipt 


--st 


--usedialup 


N/A 
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Windows Internet 
Agent 


/rejbs 


/relayaddsignature 


/rt 


/sd 


N/A 


/smtp 


/smtphome 


/smtpport 


/smtpssl 


/sslit 


/sslpt 


/st 


/tc 


/td 


/te 


/tg 
/tr 
Itt 


/usedialup 


N/A 


ConsoleOne Settings 


SMTP/MIME > Security Settings > 
Reject Mail If Sender’s Identity Cannot 
Be Verified 


SMTP/MIME > Message Formatting > 
Apply Global Signature to Relay 
Messages 


SMTP/MIME > Message Formatting > 
Number of Inbound Conversion 
Threads 


SMTP/MIME > Settings > Number of 
SMTP Send Threads 


N/A 


SMTP-MIME > Settings > Enable 
SMTP 


Server Directories > Settings > 
Advanced > SMTP Service Queues 
Directory 


GroupWise > Network Address > 
SMTP Port 


GroupWise > Network Address > 
SMTP SSL 


POP3/IMAP4 > Settings > Number of 
Threads for IMAP4 SSL Connections 


POP3/IMAP4 > Settings > Number of 
Threads for POP3 SSL Connections 


SMTP/MIME > Message Formatting > 
Number of Outbound Conversion 
Threads 


SMTP/MIME > Timeouts > 
Commands 


SMTP/MIME > Timeouts > Data 


SMTP/MIME > Timeouts > Connection 
Establishment 


SMTP/MIME > Timeouts > Greeting 
SMTP/MIME > Timeouts > TCP Reset 


SMTP/MIME > Timeouts > Connection 
Termination 


SMTP/MIME > Dial-Up Settings > 
Enable Dial-Up 


N/A 


NetWare Internet Windows Internet 


Linux Internet Agent ConsoleOne Settings 


Agent Agent 

/uueaa --uueaa /uueaa SMTP/MIME > Message Formatting > 
UUEncode All Message Attachments 

/work --work /work Server Directories > Settings > 
Conversion Directory 

/wrap --wrap /wrap SMTP/MIME > Message Formatting > 
Line Wrap Length for Message Text 
on Outbound Mail 

/xspam --xspam /xspam SMTP/MIME > Junk Mail 


52.3 Required Switches 


The following switches point the Internet Agent to the Internet Agent’s directory. They are assigned 
their initial value during installation. 


/dhome 
/hn 
/home 


The following switches are only for the NetWare version of the Group Wise Internet Agent, and are 
only required if the Internet Agent is running in remote mode, meaning that it does not reside on the 
same server as the Group Wise domain directory. 


user 
/password 


52.3.1 /dhome 


Points to the SMTP service work area. This is normally the Internet Agent’s gateway directory 
under the domain\wpgate directory. See Section 50.1, “Relocating the Internet Agent’s Processing 
Directories,” on page 799. 


Syntax: /dhome=pathname 
NetWare Example: /dhome=sys: \headq\wpgate\gwia 
Linux Example: -dhome /gwsystem/provol/gwia 


Windows Example: /dhome=c: \gwia 


52.3.2 /hn 


Specifies the hostname that is displayed when someone connects to your Internet Agent using a 
Telnet session. You should enter the hostname assigned to you by your Internet service provider. 


Syntax: /hn=host name 


Example: /hn=gwia.novell.com 
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This switch is required only under certain circumstances. Normally, the Internet Agent gets the 
information from another source and does not need this switch. If you receive a message that the /hn 
switch is required, you must use the switch. 


For the NetWare version, the /hn switch is required only if you don’t use the hosts file in the sys:\etc 
directory to indicate the IP address and name of the Internet Agent server. If either of these options 
(the IP address or the name of the server) is not available, the program cannot start. 


52.3.3 /home 


Points the Internet Agent to the Internet Agent’s gateway directory. This is always a subdirectory of 
wpgate in the domain directory structure. 


Syntax: /home=gateway directory 
NetWare Example: /home=sys: \headq\wpgate\gwia 
Linux Example: -home /gwsystem/provol/gwia 


Windows Example: /home=j : \headq\wpgate\gwia 


52.3.4 /user (NetWare Only) 


Sets the login ID that the NetWare Internet Agent must use to log into a remote file server to access 
the domain database and Internet Agent directories. 


Syntax: /user-login ID 


52.3.5 /password (NetWare Only) 


Sets the password that the NetWare Internet Agent must use to log into a remote file server to access 
the domain database and Internet Agent directories. 


Syntax: /password-password 


52.4 Console Switches 


The following switches apply to the Internet Agent console and optional SNMP management 
console: 


/color 
/help 
/mono 
/nosnmp 
--show 


52.4.1 /color 


Sets the default color ofthe Internet Agent console. The values range from 0-7. 


Syntax: color-0|1|2|3|4|5|6| 7 
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Example: /color-3 


You can also change the color of the screen for an Internet Agent session. From the menu on the 
bottom of the console, select Options, then press the key for Colors. 


52.4.2 /help 


Displays the Help screen for the startup switches. 


Syntax: /help 


52.4.3 /nosnmp 


Disables SNMP for the Internet Agent. The default is to have SNMP enabled. See Section 49.4, 
“Using an SNMP Management Console,” on page 789. 


Syntax: /nosnmp 


52.4.4 /mono 


Runs the Internet Agent for a computer with a monochrome monitor. 


Syntax: /mono 


52.4.5 --show (Linux Only) 


Starts the Linux Internet Agent with an agent console interface similar to that provided for the 
NetWare and Windows Internet Agent. This user interface requires that the X Window System and 
Open Motif* are running on the Linux server. 


Syntax: --show 


52.5 Environment Switches 


The following switches configure Internet Agent environment settings such as working directories 
and NetWare clustering support. 


/ip 

/ipa 
/cluster 
/smtphome 
/work 


52.5.1 /ip 


Binds the Internet Agent to the specified IP address so that, on a server with multiple IP addresses, 
the Internet Agent uses only the specified IP address. 


Syntax: /ip-address 


Example: /ip-172.16.5.18 
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52.5.2 lipa 


Specifies the IP address (or hostname) of a GroupWise POA that the Internet Agent can use to 
resolve IP addresses of other POAs in the system. This replaces the need to configure post office 
links for the Internet Agent in ConsoleOne (Internet Agent object > Post Office Links > Settings). 


If you have established a GroupWise name server (ngwnameserver), you can use it. See 
Section 36.2.2, “Simplifying Client/Server Access with a GroupWise Name Server,” on page 488. 


Syntax: /ipa-address 


Example: /ipa-ngwnameserver 


52.5.3 /ipp 


Specifies the port number of a GroupWise POA that the Internet Agent can use to resolve IP 
addresses of other POAs in the system. This replaces the need to configure post office links for the 
Internet Agent in ConsoleOne (Internet Agent object > Post Office Links > Settings). 


If you have established a GroupWise name server (ngwnameserver), you can use it. See 
Section 36.2.2, “Simplifying Client/Server Access with a GroupWise Name Server,” on page 488. 


Syntax: /ipp-port number 


Example: /ipp-1678 


52.5.4 /cluster (NetWare Only) 


Informs the Internet Agent that it is running in a Novell® Cluster Services™ environment. For 
detailed information about running the Internet Agent in a clustering environment, see 
“Implementing the Internet Agent in a NetWare Cluster” in “Novell Cluster Services on NetWare” 
in the GroupWise 7 Interoperability Guide. 


Syntax: /cluster 


52.5.5 /smtphome 


Specifies a secondary SMTP queues directory for inbound and outbound messages. This secondary 
directory can be helpful for troubleshooting by providing a way to trap messages before they are 
routed to the Internet. You can also use the secondary directory to run third-party utilities such as a 
virus scanner on Internet-bound messages. See Section 50.1, “Relocating the Internet Agent’s 
Processing Directories,” on page 799. 


The Internet Agent places all outbound messages in this secondary directory. The messages must 
then be moved manually (or by another application) to the primary SMTP queue’s send directory (/ 
dhome switch) before the Internet Agent routes them to the Internet. 


Syntax: /smtphome-path 


Example: /smtphome-mail:\provol\wpgate\gwia\smtp2 
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52.5.6 /work 


Sets the directory where the Internet Agent stores its temporary files. On NetWare and Linux, the 
work directory is located in the domain by default. On Windows, it is not. 


NetWare: domain\wpgate\gwia\000.prc\gwwork 
Linux: domain/wpgate/qwia/\000.prc/gwwork 


Windows: c:\grpwise\gwia 


Syntax: /work-pathname 
NetWare Example: /work-sys:\tmp\work 
Linux Example: -work /opt/novell/groupwise/tmp 


Windows Example: /work-j:\tmp\work 


52.5.7 /nasoq 


By default, the Internet Agent sends the accounting file (acct) to users specified as accountants in 
ConsoleOne (Internet Agent object > GroupWise > Gateway Administrators). The file is sent daily 
at midnight and any time the Internet Agent shuts down. 


This switch instructs the Internet Agent to send the acct file once daily at midnight, not each time the 
Internet Agent quits or is shut down. 


Syntax: /nasog 


52.6 SMTP/MIME Switches 


The following sections categorize and describe the switches that you can use to configure the 
Internet Agent’s SMTP/MIME settings: 


+ Section 52.6.1, “SMTP Enabled,” on page 826 

+ Section 52.6.2, “iCal Enabled,” on page 826 

+ Section 52.6.3, “Address Handling,” on page 826 

+ Section 52.6.4, “Message Formatting and Encoding,” on page 831 
+ Section 52.6.5, “Forwarded and Deferred Messages,” on page 834 
+ Section 52.6.6, “Extended SMTP,” on page 835 

+ Section 52.6.7, “Send/Receive Cycle and Threads,” on page 835 
+ Section 52.6.8, “Dial-Up Connections,” on page 836 

+ Section 52.6.9, “Timeouts,” on page 837 

+ Section 52.6.10, “Relay Host,” on page 838 

+ Section 52.6.11, “Host Authentication,” on page 839 

+ Section 52.6.12, “Undeliverable Message Handling,” on page 840 
+ Section 52.6.13, “Mailbomb and Spam Security,” on page 840 
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52.6.1 SMTP Enabled 


The following switches enable SMTP and suppress version information display. 
/smtp 

/nosmtpversion 

Ismtp 


Enables the Internet Agent to process SMTP messages. See Section 46.1.1, “Configuring Basic 
SMTP/MIME Settings,” on page 717. 


Syntax: / smtp 


Inosmtpversion 


Suppresses the Group Wise version and copyright date information that the Internet Agent typically 
responds with when contacted by another SMTP host or a telnet session. 


Syntax: /nosmtpversion 


52.6.2 iCal Enabled 


The following switch enables iCal. 
/imip 
limip 


Converts outbound GroupWise Calendar items into MIME text/calendar 1Cal objects and converts 
incoming MIME text/calendar messages into GroupWise Calendar items. 


Syntax: /imip 


52.6.3 Address Handling 


The following switches determine how the Internet Agent handles e-mail addresses: 


/aql 

/aqor 

/ari 
/blockrulegenmsg 
/dia 
/displaylastfirst 
/dontreplaceunderscore 
/fd822 

/fdmime 

/group 
/keepsendgroups 
/msstu 
/nomappriority 
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/notfamiliar 
/realmailfrom 


laql 


Allows you to determine the address qualification level. It specifies which GroupWise address 
components (domain.post_office.user) must be included as the user portion of a GroupWise user’s 
outbound Internet address (userhost). Valid options are auto, userid, po, and domain. 


This switch is valid only if your system is not configured to use Internet-style addressing, as 
described in Section 45, “Configuring Internet Addressing,” on page 703, or you’ve configured the 
Internet Agent to ignore Internet-style addressing, as described in Section 46.1.3, “Configuring How 
the Internet Agent Handles E-Mail Addresses,” on page 721. 


Syntax: /agl-option 


Example: /aql-po 


Option Description 


auto This option causes the gateway to include the addressing components required to make the 
user's address unique. If a user ID is unique in a GroupWise system, the outbound address 
uses only the user ID.Ifthe post office or domain.post office components are required to 
make the address unigue, these components are also included in the outbound address. The 
auto option is the default. 


userid This option requires the gateway to include only the user /D in the outbound Internet 
address, even ifthe user ID is not unigue in the system. If a recipient replies to a user whose 
user ID is not unigue and no other gualifying information is provided, that reply cannot be 
delivered. 


po This option reguires the gateway to include post office.user ID in every outbound address, 
regardless of the unigueness or non-unigueness ofthe user ID. 


domain This option requires the gateway to include the fully-gualified GroupWise address 
(domain.post office.user ID) in every outbound address, regardless of the unigueness or 
non-unigueness of the user ID. This option guarantees the uniqueness of every outbound 
Internet address, and ensures that any replies are delivered. 


lagor 


The user part of a Group Wise user's outbound Internet address (user@host) can and sometimes 
must include the full Groupwise address (domain.post_office.user_ID@host) in order to be unique. 
The /agor switch instructs the Internet Agent to move any GroupWise address components, except 
the user_ID component, to the right side of the address following the at sign (@). In this way, 
GroupWise addressing components become part of the host portion of the outbound Internet 
address. The /aql switch specifies which components are included. 


For example, if the /aqor switch is used (in conjunction with the /aql-domain switch), Bob 
Thompson’s fully qualified Internet address (headquarters.advertising.bob@novell.com) would be 
resolved to bob@advertising.headquarters.novell.com for all outbound messages. 


If the /aqor switch is used with the /aql-po switch, Bob’s Internet address would be resolved to 
bob@advertising.novell.com for all outbound messages. 
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If you use the /agor switch to move GroupWise domain or post office names to be part of the host 
portion on the right side of the address, you must provide a way for the DNS server to identify the 
Group Wise names. You must either explicitly name all GroupWise post offices and domains in your 
system as individual MX Records, or you can create an MX Record with wildcard characters to 
represent all Group Wise post offices and domains. For information about creating MX Records, see 
details found in RFC #974. 


For details about this setting, see Section 46.1.3, “Configuring How the Internet Agent Handles E- 
Mail Addresses,” on page 721. 
lari 


Enables or disables additional routing information that is put in the SMTP return address to facilitate 
replies. This switch might be needed in large systems with external GroupWise domains in which 
the external Group Wise users have not been configured in your local domain. Options include Never 
and Always. Most sites do not need to use this switch. 


Syntax: /ari-never|always 


Example: /ari-never 


Iblockrulegenmsg 


In ConsoleOne, you can control whether or not rule-generated messages are allowed to enter your 
GroupWise system by selecting or deselecting the 4//ow Rule-Generated Messages option available 
in each class of service defined for the Internet Agent. This switch allows you to be more specific in 
the types ofrule-generated messages that are blocked. 


Syntax: /blockrulegenmsg-forward | reply | none | all 
Example: /blockrulegenmsg-forward 


In order for this switch to take effect, senders must be in a class of service where Allow Rule- 
Generated Messages is selected. 


To select a class of service: 


1 Browse to and right-click the Internet Agent object, then click Properties. 
2 Click Class of Service. 
3 Select a class of service, then click Edit. 


4 Click SMTP Incoming, then make sure that Allow Rule-Generated Messages is selected. 


Idia 


Group Wise supports both Internet-style addressing (user@host) and GroupWise proprietary 
addressing (user_ID.post_office.domain). By default, the Internet Agent uses Internet-style 
addressing. See Section 46.1.3, “Configuring How the Internet Agent Handles E-Mail Addresses,” 
on page 721. 


You can use this switch to disable Internet-style addressing. With Internet-style addressing disabled, 
messages use the mail domain name in the Foreign ID field in ConsoleOne (Internet Agent object > 
Group Wise > Identification) for the domain portion of a user’s Internet address. The Internet Agent 
continues to support user and post office aliases in either mode. 
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Syntax: /dia 


Idisplaylastfirst 


By default, users’ display names are First Name Last Name. If you want users’ display names to be 
Last Name First Name, you can use the /displaylastfirst switch. This forces the display name format 
to be Last Name First Name, regardless of the preferred address format. 


Syntax: /displaylastfirst 





Idontreplaceunderscore 
By default, the Internet Agent accepts addresses of the format: 
firstname_lastname@internet_domain_name 


Even though this is not an address format included in the Allowed Address Formats list in 
ConsoleOne for configuring Internet addressing, as described in Section 45.1.5, “Allowed Address 
Formats,” on page 707, you can use this switch to prevent this address format from being accepted 
by the Internet Agent. 


Syntax: /dontreplaceunderscor 





Ifd822 


Specifies a return address for GroupWise replies. À message that has been received by a GroupWise 
user through the Internet Agent and is replied to has this return address form. These switches cause 
the Internet Agent to produce a return address of the form foreign domain.type:"user host." Foreign 
domain can be any foreign domain you have configured and linked to the Internet Agent. 


You can use the same foreign domain name for both the /fd822 switch and the /fdmime switch. You 
can specify multiple foreign domain and kind pairs by placing them in quotes. If multiple foreign 
domain and kind pairs are used, the first domain/kind pair is the return address for replies to 
messages received through the Internet Agent. The second domain/kind pair is checked to see what 
message format is used for old replies in the system. Up to four pairs can be specified with an 80- 
character limit. 


This switch lets you change your foreign domain names in your GroupWise system and still have 
replies work. For example, if your foreign domain is called faraway and you added a foreign domain 
called Internet, you could use /fd822-"internet.nonmime smtp.nonmime." This causes replies to 
have a return address of internet.nonmime.:"user@host." The Internet Agent would also recognize 
faraway. This switch also lets you migrate from one foreign domain to another. 


Most administrators do not need to use this switch. 
Syntax: /£4822-foreign domain.type 


Example: /£d822-Internet.nonmime 


Ifdmime 


Specifies a return address for GroupWise replies. À message that has been received by a GroupWise 
user through the Internet Agent and is replied to has this return address form. These switches cause 
the Internet Agent to produce a return address of the form foreign domain.type:"user host." 
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Foreign_domain can be any foreign domain you have configured and linked to the Internet Agent. 
Type can be either mime or nonmime. 


You can use the same foreign domain name for both the /fd822 switch and the /fdmime switch. 


You can specify multiple foreign domain and kind pairs by placing them in quotes. If multiple 
foreign domain and kind pairs are used, the first domain/kind pair is the return address for replies to 
messages received through the Internet Agent. The second domain/kind pair is checked to see what 
message format is used for old replies in the system. Up to four pairs can be specified with an 80- 
character limit. 


This switch lets you change your foreign domain names in your Group Wise system and still have 
replies work. For example, if your foreign domain is called SMTP and you add a foreign domain 
called Internet, you can use /fdmime-"internet.mime smtp.mime." This causes replies to have a 
return address of internet.mime:"user@host." The Internet Agent also recognizes SMTP. This 
switch also lets you migrate from one foreign domain to another. 


Most administrators do not need to use this switch. 


Syntax: /fdmime-foreign domain.type 





Example: /fdmime-Internet.mim 


Igroup 


Turns on group expansion. The default startup file has this switch commented out. If it is enabled, an 
incoming Internet message addressed to a public group is sent to members of that group. See 
Section 46.1.3, “Configuring How the Internet Agent Handles E-Mail Addresses,” on page 721. 


Syntax: /group 


/keepsendgroups 


Prevents the Internet Agent from expanding distribution lists on messages going to external Internet 
users so that the SMTP header does not become too large. 


Syntax: /keepsendgroups 


/msstu 


Instructs the Internet Agent to map spaces to underscores in user addresses for outbound messages. 
For example, john smith becomes john_smith. 


Syntax: /msstu 


/nomappriority 


Disables the function of mapping an x-priority MIME field to a GroupWise priority for the message. 
By default, the Internet Agent maps x-priority 1 and 2 messages as high priority, x-priority 3 
messages as normal priority, and x-priority 4 and 5 as low priority in GroupWise. 


Syntax: /nomappriority 
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Inotfamiliar 


Instructs the Internet Agent to not include the user’s familiar name, or display name, in the From 
field of the message’s MIME header. In other words, the From field is address rather than 
"familiar_name" address. 


Syntax: /notfamiliar 


/realmailfrom 


Instructs the Internet Agent to use the real user in the Mail From field instead of having auto- 
forwards come from Postmaster and auto-replies come from Mailer-Daemon. 


Syntax: /realmailfrom 


52.6.4 Message Formatting and Encoding 


The following switches determine how the Internet Agent formats and encodes inbound and 
outbound e-mail messages: 


/attachmsg 
/dbchar822 
/defaultcharset 
/force7bitout 
/iso8859 lis 
/koi8 

/mime 
/noiso2022 
/noqpmt 
/relayaddsignature 
ht 

/st 

/uueaa 

/wrap 


lattachmsg 
Instructs the Internet Agent to maintain the original format of any file type attachment. 


Syntax: /attachmsg 


Idbchar822 


Instructs the Internet Agent to map inbound non-MIME messages to another character set that you 
specify. The mapped character set must be an Asian (double-byte) character set. 


Syntax: /dbchar822-charset 


Example: /dbchar822-shift js 
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/defaultcharset 

Specifies what character set to use if no character set is specified in an incoming message. 
Syntax: /defaultcharset-charset 

Example: /defaultcharset-iso-8859-1 


For readability when the character set name includes hyphens (-), you can use an equal sign (=) as 
the delimiter between the switch and its setting. 


Example: /defaultcharset=iso-8859-1 


Iforce7bitout 


By default, the Internet Agent uses 8-bit MIME encoding for any outbound messages that are 
HTML-formatted or that contain 8-bit characters. If, after connecting with the receiving SMTP host, 
the Internet Agent discovers that the receiving SMTP host cannot handle 8-bit MIME encoded 
messages, the Internet Agent converts the messages to 7-bit encoding. 


You can use the /force7bitout switch to force the Internet Agent to use 7-bit encoding and not 
attempt to use 8 bit MIME encoding. You should use this option if you are using a relay host that 
does not support 8-bit MIME encoding. See Section 46.1.1, “Configuring Basic SMTP/MIME 
Settings,” on page 717. 


Syntax: /force7bitout 


liso88591is 


Instructs the Internet Agent to map inbound MIME ISO-8859-1 messages to another character set 
that you specify. 


Syntax: /iso8859lis-charset 


Example: /1s088591is-big5 


/koi8 


Instructs the Internet Agent to map all outbound MIME messages to the KOI8 (Russian) character 
set. 


Syntax: /koi8 


Imime 


Instructs the Internet Agent to send outbound messages in MIME format rather than in RFC-822 
format. If you’ve defined an RFC-822 non-GroupWise domain, as described in Section 6.7, 
“Adding External Users to the GroupWise Address Book,” on page 95, users can still send RFC-822 
formatted messages by using the RFC-822 domain in the address string when sending messages. 
Removing the switch corresponds to enabling the Default Message Encoding: Basic RFC-822 
switch in ConsoleOne. See Section 46.1.4, “Determining Format Options for Messages,” on 

page 723. 


Syntax: /mime 
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Inoiso2022 


Instructs the Internet Agent to not use ISO-2022 character sets. ISO-2022 character sets provide 7- 
bit encoding for Asian character sets. 


Syntax: /noiso2022 


/nqpmt 


Disables quoted printable message text for outbound messages. If this switch is turned on, messages 
are sent with Base64 MIME encoding, unless all the text is US-ASCII. If you use this switch you 
need to review the setting for the /wrap switch to ensure that message text wraps correctly. See 
Section 46.1.4, “Determining Format Options for Messages,” on page 723. 


Syntax: /ngpmt 


/relayaddsignature 


Appends the global signature to messages that are relayed through your Group Wise system (for 
example, messages from POP and IMAP clients) in addition to messages that originate within your 
Group Wise system. See Section 14.3, “Adding a Global Signature to Users’ Messages,” on 

page 219 


Syntax: /relayaddsignature 


Irt 


Specifies the maximum number of threads that the Internet Agent uses when converting inbound 
messages from MIME or RFC-822 format to the GroupWise message format. The default setting is 
4. See Section 46.1.4, “Determining Format Options for Messages,” on page 723. 


Multiple threading allows for more than one receive process to be running concurrently. A receive 
request is assigned to a single thread and is processed by that thread. Ifyou anticipate heavy inbound 
message traffic, you can increase the number of threads to enhance the speed and performance of the 
Internet Agent. The number of threads is limited only by the memory resources of your server. 


Syntax: /rt 


Ist 


Specifies the maximum number of threads that the Internet Agent uses when converting outbound 
messages from GroupWise message format to MIME or RFC-822 format. The default setting is 4. 
See Section 46.1.4, “Determining Format Options for Messages,” on page 723. 


Multiple threading allows for more than one send process to be running concurrently. A send request 
is assigned to a single thread and is processed by that thread. If you anticipate heavy outbound 
message traffic, you can increase the number of threads to enhance the speed and performance of the 
Internet Agent. The number of threads is limited only by the memory resources of your server. 


Syntax: /st 


luueaa 


Forces the Internet Agent to UUencode any ASCII text files attached to outbound RFC-822 
formatted messages. This switch applies only ifthe /mime switch is not used. Without this switch, 
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the Internet Agent includes the text as part of the message body. See Section 46.1.4, “Determining 
Format Options for Messages,” on page 723. 


Syntax: /uueaa 


/wrap 


Sets the line length for outbound messages that do not use quoted printable or Base64 MIME 
encoding. This is important if the recipient’s e-mail system requires a certain line length. See 
Section 46.1.4, “Determining Format Options for Messages,” on page 723. 


Syntax: /wrap-line length 


Example: /wrap-72 


52.6.5 Forwarded and Deferred Messages 


The following switches configure how the Internet Agent handles forwarded and deferred messages: 


/flatfwd 
/maxdeferhours 
/msgdeferinterval 


Iflatfwd 


Automatically strips out the empty message that is created when a message is forwarded without 
adding text, and retains the original sender of the message, rather than showing the user who 
forwarded it. This facilitates users forwarding messages from Group Wise to other e-mail accounts. 
Messages arrive in the other accounts showing the original senders, not the users who forwarded the 
messages from Group Wise. 


Syntax: /Elat fwd 


/maxdeferhours 


Specifies the number of hours after which the Internet Agent stops trying to send deferred messages. 
The default is 96 hours, or four days. A deferred message is any message that can’t be sent because 
of a temporary problem (host down, MX record not found, and so forth). See Section 46.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 717. 


Syntax: /maxdeferhours-hours 


Example: /maxdeferhours-48 


Imsgdeferinterval 


Specify in a comma-delimited list the number of minutes after which the Internet Agent retries 
sending deferred messages. The default is 20, 20, 20, 240. The Internet Agent interprets this list as 
follows: It retries 20 minutes after the initial send, 20 minutes after the first retry, 20 minutes after 
the second retry, and 240 minutes (4 hours) after the third retry. Thereafter, it retries every 240 
minutes until the number of hours specified in the Maximum Number of Hours to Retry a Deferred 
Message field is reached. You can provide additional retry intervals as needed. It is the last retry 
interval that repeats until the maximum number of hours is reached. See Section 46.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 717. 
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Syntax: /msgdeferinterval-minutes,minutes...,minutes 


Example: /msgdeferinterval-10,10,10,120 


52.6.6 Extended SMTP 


The following switches configure the Internet Agent’s Extended SMTP (ESMTP) settings: 


/noesmtp 
/dsn 
/dsnage 


Inoesmtp 


Disables ESMTP support in the Internet Agent. 


Syntax: /noesmtp 


Idsn 


Enables Delivery Status Notification (DSN). The Internet Agent requests status notifications for 
outgoing messages and supplies status notifications for incoming messages. This requires the 
external e-mail system to also support Delivery Status Notification. Currently, notification consists 
of two delivery statuses: successful and unsuccessful. See Section 46.1.2, “Using Extended SMTP 
(ESMTP) Options,” on page 720. 


Syntax: /dsn 


Idsnage 


The /dsnage switch specifies the number of days that the Internet Agent retains information about 
the external sender so that status updates can be delivered to him or her. For example, the default 
DSN age causes the sender information to be retained for 4 days. If the Internet Agent does not 
receive delivery status notification from the GroupWise recipient’s Post Office Agent (POA) within 
that time period, it deletes the sender information and the sender does not receive any delivery status 
notification. See Section 46.1.2, “Using Extended SMTP (ESMTP) Options,” on page 720. 


Syntax: /dsnage 


52.6.7 Send/Receive Cycle and Threads 


The following switches configure the Internet Agent’s SMTP send/receive cycle and threads: 


/p 

/rd 

/sd 
/killthreads 
/smtpport 
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Ip 


Specifies how often, in seconds, the Internet Agent polls for outbound messages. The default, 10 
seconds, causes the Internet Agent to poll the outbound message directory every 10 seconds. See 
Section 46.1.1, “Configuring Basic SMTP/MIME Settings,” on page 717. 


Syntax: /p-seconds 


Example: /p-5 


Ird 


Specifies the maximum number of threads used for processing SMTP receive requests (inbound 
messages). Each thread is equivalent to one connection. The default is 16 threads. See 
Section 46.1.1, “Configuring Basic SMTP/MIME Settings,” on page 717. 


Syntax: /rd-number of threads 


Example: /rd-20 


Isd 


Specifies the maximum number of threads used for processing SMTP send requests (outbound 
messages). Each thread is equivalent to one connection. The default is 8 threads. See Section 46.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 717. 


Syntax: /sd-number of threads 


Example: /sd-12 


/killthreads 
Instructs the Internet Agent to quickly terminate any active send/receive threads when it restarts. 


Syntax: /killthreads 


--smtpport (Linux only) 


Changes the SMTP listen port from the default of 25. Use this switch only if the Internet Agent is 
receiving messages only from SMTP hosts that can be configured to connect to Internet Agent on a 
specified port. 


52.6.8 Dial-Up Connections 


SMTP dial-up services can be used when you don’t require a permanent connection to the Internet 
and want to periodically check for mail messages queued for processing. The following switches can 
be used when configuring dial-up services. For more information about dial-up services, see 
Section 46.1.7, “Configuring SMTP Dial-Up Services,” on page 727. 


/usedialup 
/etrnhost 
/etrnqueue 
/dialuser 
/dialpass 
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/usedialup 
Enables SMTP dial-up services. See “Enabling Dial-Up Services” on page 728. 


Syntax: /usedialup 


letrnhost 


Specifies the IP address or DNS hostname of'the mail server where your mail account resides at 
your Internet Service Provider. You should obtain this address from your Internet Service Provider. 
See “Enabling Dial-Up Services” on page 728. 


Syntax: /etrnhost-address 


Example: /etrnhost-172.16.5.18 


/etrnqueue 


Specifies your e-mail domain as provided by your Internet Service Provider. See “Enabling Dial-Up 
Services” on page 728. 


Syntax: /etrnqueue-email domain 


Example: /etrnqueue-novell.com 





Idialuser (Windows Only) 


Specifies the RAS Security user if you are using a Windows Remote Access Server (RAS) and the 
Internet Agent is not running on the same server as the RAS. 


Syntax: /dialuser-username 


Example: /dialuser-rasuser 


Idialpass (Windows Only) 


Specifies the RAS Security user’s password if you are using a Windows Remote Access Server 
(RAS) and the Internet Agent is not running on the same server as the RAS. 


Syntax: /dialpass-password 


Example: /dialpass-raspassword 


52.6.9 Timeouts 


The following switches specify how long SMTP services waits to receive data that it can process. 
After the time expires, the Internet Agent might give a TCP read/write error. Leave these switches at 
the default setting unless you are experiencing a problem with communication. 


/tc 
/td 
/te 
/tg 
/tr 
/tt 
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Itc 
Specifies how long the program waits for an SMTP command. The default is 2 minutes. 
Syntax: /tc-minutes 


Example: /tc-3 


Itd 
Specifies how long the program waits for data from the receiving host. The default is 5 minutes. 
Syntax: /td-minutes 


Example: /td-2 


Ite 


Specifies how long the program waits for the receiving host to establish a connection. The default is 
5 minutes. 


Syntax: /te-minutes 


Example: /te-2 


Itg 


Specifies how long the program waits for the initial greeting from the receiving host. The default is 
3 minutes. 


Syntax: /tg-minutes 

Example: /tg-2 

Itr 

Specifies how long the program waits for a TCP read. The default is 10 minutes. 


Syntax: /tr-minutes 


Example: /tr-2 


itt 


Specifies how long the program waits for the receiving host to terminate the connection. The default 
is 5 minutes. 


Syntax: /tt-minutes 


Example: /tt-2 


52.6.10 Relay Host 


The following switch configures whether or not the Internet Agent uses a relay host. 


/mh 
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Imh 


Specifies the IP address or DNS hostname of one or more relay hosts that you want the Internet 
Agent to use for outbound messages. Use a space to separate multiple relay hosts in a list. 


The relay host can be part of your network or can reside at the Internet service provider’s site. This 
switch is typically used in firewall integration if you want one server, the specified relay host, to 
route all mail. See Section 46.1.1, “Configuring Basic SMTP/MIME Settings,” on page 717. 


Syntax: /mh-address 


Example: /mh-172.16.5.18 


52.6.11 Host Authentication 


The Internet Agent supports SMTP host authentication for both inbound and outbound message 
traffic. The following switches are used with inbound and outbound authentication: 


/forceinboundauth 
/forceoutbountauth 


/forceinboundauth 


Ensures that the Internet Agent accepts messages only from remote SMTP hosts that use the AUTH 
LOGIN authentication method to provide a valid GroupWise user ID and password. The remote 
SMTP hosts can use any valid Group Wise user ID and password. However, for security reasons, we 
recommend that you create a dedicated GroupWise user account for remote SMTP host 
authentication. 


Syntax: /forceinboundauth 


/forceoutboundauth 


Ensures that the Internet Agent sends messages only to remote SMTP hosts that are included in a 
gwauth.cfg text file. The remote SMTP hosts must support the AUTH LOGIN authentication 
method. 


The gwauth.cfg file must reside in the domain\wpgate\gwia directory and use the 
following format: 


domain name authuser authpassword 


For example: 


smtp.novell.com remotehost novell 
You can define multiple hosts in the file. Make sure you include a hard return after the last entry. 


If you use this switch, you need to include your Internet Agent as an entry in the gwauth.cfg file to 
enable status messages to be returned to GroupWise users. You can use any GroupWise user ID and 
password for your Internet Agent’s authentication credentials. However, for security reasons, we 
recommend that you create a dedicated GroupWise user account for your Internet Agent. 


Syntax: /forceoutboundauth 
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52.6.12 Undeliverable Message Handling 


The following switches determine how the Internet Agent handles undeliverable messages: 


/badmsg 
/fut 
/mudas 


lbadmsg 


Specifies where to send problem messages. Problem messages can be placed in the Internet Agent 
problem directory (gwprob), they can be sent to the postmaster, or they can be sent to both or 
neither. The values for this switch are move, send, both, and neither. 


The move option specifies to place problem messages in the gwprob directory for the Internet 
Agent. The send option specifies to send the message as an attachment to the Internet Agent 
postmaster defined in ConsoleOne (Internet Agent object > GroupWise > Gateway Administrators). 
The both option specifies to move the message to gwprob and send it to the postmaster. The neither 
option specifies to discard problem messages. The default when no switch is specified is move. See 
Section 46.1.6, “Determining What to Do with Undeliverable Messages,” on page 726. 


Syntax: /badmsg-move|send|both|neither 


Example: /badmsg-both 


[fut 


Forwards undeliverable messages to the specified host. This can be useful if you use UNIX sendmail 
aliases. See Section 46.1.6, “Determining What to Do with Undeliverable Messages,” on page 726. 


Syntax: /fut-host 


Example: /fut-novell.com 


/mudas 


Controls how much of the original message is sent back when a message is undeliverable. By 
default, only 2 KB of the original message is sent back. The value is specified in KB (8=8KB). See 
Section 46.1.6, “Determining What to Do with Undeliverable Messages,” on page 726. 


Syntax: /mudas-KB 


Example: /mudas-16 


52.6.13 Mailbomb and Spam Security 


Multiple unsolicited messages (sometimes called a mailbomb or spam) from the Internet can 
potentially harm your Group Wise messaging environment. At the least, it can be annoying to your 
users. You can use the following switches to help protect your GroupWise system from malicious, 
accidental, and annoying attacks: 


/mbcount 
/mbtime 
/rejbs 
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/xspam 
/rbl 
/mbcount 


Sets the number of messages that can be received from a single IP address in a given number of 
seconds before the Internet Agent denies access to its GroupWise system. It provides a form of 
system security to protect your system from mailbombs. 


For example, with /mbcount set to 25 and /mbtime set to 60 seconds, if these limits are exceeded the 
sender’s IP address is blocked from sending any more messages. The IP address of the sender is also 
displayed in the Internet Agent console. You can permanently restrict access to your system by that 
IP address through settings on the Access Control page in ConsoleOne (Internet Agent object > 
Access Control). By default, the mailbomb feature is turned off. To enable this feature, you must 
specify a value for mailbomb count and mailbomb time. See Section 47.2.4, “Mailbomb (Spam) 
Protection,” on page 760. 


Syntax: /mbcount-number 


Example: /mbcount-25 


Imbtime 


Specifies the mailbomb time limit in seconds. This switch works with the /mbcount switch to block 
access to your Group Wise system from unsolicited inundations of e-mail. The default value is 10 
seconds. See Section 47.2.4, “Mailbomb (Spam) Protection,” on page 760. 


Syntax: /mbtime-seconds 


Example: /mbtime-60 


Irejbs 


Prevents delivery of messages if the sender’s host is not authentic. When this switch is used, the 
Internet Agent refuses messages from a host if a DNS reverse lookup shows that a PTR record does 
not exist for the IP address of the sender’s host. See Section 47.2.4, “Mailbomb (Spam) Protection,” 
on page 760. 


If this switch is not used, the Internet Agent accepts messages from any host, but displays a warning 
if the initiating host is not authentic. 


Syntax: /rejbs 


Ixspam 


Flags messages to be handled by the client Junk Mail Handling feature if they contain an x-spam- 
flag:yes in the MIME header. See Section 47.2.5, “Customized Spam Identification,” on page 761. 


Syntax: /xspam 


Irbl 


Lets you define the addresses of blacklist sites (free or fee-based) you want the Internet Agent to 
check for blacklisted hosts. If a host is included in a site’s blacklist, the Internet Agent does not 
accept messages from it. 
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Syntax: /rbl-blackholes.mail-abuse.org,bl.spamcop.net 





This switch corresponds to the Blacklist Addresses list (Internet Agent object > Access Control > 
Blacklists). For details about this setting, see Section 47.2.1, “Real-Time Blacklists,” on page 757. 


52.7 POP3 Switches 


The following optional startup switches that can be used to configure the Internet Agent’s POP3 
service: 


/pop3 
/popintruderdetect 
/popport 
/popsport 

/popssl 

/pt 

/sslpt 


52.7.1 /pop3 


Enables POP3 client access to Group Wise mailboxes through the Internet Agent. See 
Section 46.3.1, “Enabling POP3/IMAP4 Services,” on page 740. 


Syntax: /pop3 


52.7.2 /popintruderdetect 


Instructs the Internet Agent to log POP e-mail clients in through the POA so that the POA’s intruder 
detection can take effect, if intruder has been configured in ConsoleOne (POA object > Client 
Access Settings > Intruder Detection). This switch cannot be used with older POAs that do not 
support intruder detection. 


Syntax: /popintruderdetect 


52.7.3 /popport 


By default, the Internet Agent listens for POP3 connections on port 110. This switch allows you to 
change the POP3 listen port. 


Syntax: /popport-port number 


Example: /popport-111 


52.7.4 /popsport 


By default, the Internet Agent listens for secure (SSL) POP3 connections on port 995. This switch 
allows you to change the POP3 SSL listen port. 


Syntax: /popsport-port number 


Example: /popsport-996 
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52.7.5 /popssl 


Disables, enables, or requires secure (SSL) connections between POP3 clients and the Internet 
Agent. See Section 48.4, “Securing Internet Agent Connections with SSL,” on page 772. 


Syntax: /popssl-enabled|disabled| required 





Example: /popssl-required 


Option Description 
enabled The POP3 client determines whether an SSL connection or non-SSL connection is used. 


By default, the Internet Agent listens for SSL connections on port 995 and non-SSL 
connections on port 110. You can use the /popsport and /popport switches to change these 
ports. 


required The Internet Agent forces SSL connections on port 995 and port 110. Non-SSL 
connections are denied. You can use the /popsport and /popport switches to change these 
ports. 


disabled The Internet Agent listens for connections only on port 110, and the connections are not 
secure. You can use the /popport switch to change this port. 


52.7.6 Ipt 


Specifies the maximum number of threads to be used for POP3 connections. The default number is 
10. You are limited only by the memory resources of your server. See Section 46.3.1, “Enabling 
POP3/IMAP4 Services,” on page 740. 


Syntax: /pt-number of threads 


Example: /pt-15 


52.7.7 Isslpt 


Specify the maximum number of threads you want the Internet Agent to use for secure POP3 
connections. You are limited only by the memory resources of your server. See Section 46.3.1, 
“Enabling POP3/IMAP4 Services,” on page 740. 


Syntax: /sslpt-number of threads 


Example: /sslpt-15 


52.8 IMAP4 Switches 


The following optional startup switches that can be used to configure the Internet Agent’s IMAP4 
service: 


/imap4 
/imapport 
/imapreadlimit 
/imapsport 
/imapss] 
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/it 
/sslit 


52.8.1 /imap4 


Enables IMAP4 client access to GroupWise mailboxes through the Internet Agent. See 
Section 46.3.1, “Enabling POP3/IMAP4 Services,” on page 740. 


Syntax: /imap4 


52.8.2 /imapport 


By default, the Internet Agent listens for IMAP4 connections on port 143. This switch allows you to 
change the IMAP4 listen port. 


Syntax: /imapport-port number 


Example: /imapport-144 


52.8.3 /imapreadlimit 


By default, the Internet Agent downloads a maximum of 20,000 items at a time. This switch allows 
you to specify, in thousands, the maximum number of items you want the Internet Agent to 
download. For example, specifying 30 indicates 30,000. 


Syntax: /imapreadlimit 


Example: /imapreadlimit-30 


52.8.4 /imapsport 


By default, the Internet Agent listens for secure (SSL) IMAP4 connections on port 993. This switch 
allows you to change the IMAP4 SSL listen port. 


Syntax: /imapsport-port number 


Example: /imapsport-994 


52.8.5 /imapssl 


Disables, enables, or reguires secure (SSL) connections between IMAP4 clients and the Internet 
Agent. See Section 48.4, “Securing Internet Agent Connections with SSL,” on page 772. 


Syntax: /IMAP4ssl-enabled|disabled| required 








Example: /popssl-required 


Option Description 


enabled The IMAP4 client determines whether an SSL connection or non-SSL connection is used. 
By default, the Internet Agent listens for SSL connections on port 993 and non-SSL 
connections on port 143. You can use the /imapsport and /imapport switches to change 
these ports. 
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Option Description 


required The Internet Agent forces SSL connections on port 993 and port 143. Non-SSL 
connections are denied. You can use the /imapsport and /imapport switches to change 
these ports. 


disabled The Internet Agent listens for connections only on port 143, and the connections are not 
secure. You can use the /imapport switch to change this port. 


52.8.6 /it 


Specifies the maximum number of threads to be used for IMAP4 connections. The default number is 
10. You are limited only by the memory resources of your server. See Section 46.3.1, “Enabling 
POP3/IMAP4 Services,” on page 740. 


Syntax: /it-number of threads 


Example: /it-15 


52.8.7 Isslit 


Specify the maximum number of threads you want the Internet Agent to use for secure IMAP4 
connections. You are limited only by the memory resources of your server. See Section 46.3.1, 
“Enabling POP3/IMAP4 Services,” on page 740. 


Syntax: /sslit-number of threads 


Example: /sslit-15 


52.9 HTTP (Web Console) Switches 


The following switches enable the HTTP Web console and control its configuration settings. The 
Web console enables you to monitor the Internet Agent through a Web browser. For more 
information, see Section 49.2, “Using the Internet Agent Web Console,” on page 787. 


/httpport 
/httpuser 
/httppassword 
/httprefresh 
/httpssl 


52.9.1 /httpport 


Specifies the port where the Internet Agent listens for the Web console. The default port established 
during installation is 9850. 


Syntax: /httpport-port number 


Example: /httpport-9851 
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52.9.2 /httpuser 


By default, any user who knows the Internet Agent’s address and port (/httpport) can use the Web 
console. This switch adds security to the Web console by forcing users to log into the Web console 
using the specified username. The /httppassword switch must also be used to establish the user 
password. 


Syntax: /httpuser-username 
Example: /httpuser-gwia 


The username can be any arbitrary name. 


52.9.3 /httppassword 


Specifies the password that must be supplied along with the username provided by /httpuser. 
Syntax: /httppassword-password 


Example: /httppassword-monitor 


52.9.4 /httprefresh 


By default, the Internet Agent refreshes the Web console information every 60 seconds. You can use 
this switch to override the default refresh interval. 


Syntax: /httprefresh-seconds 


Example: /httprefresh-120 


52.9.5 /httpssl 


Enables the Internet Agent to use a secure connection to a Web browser being used to display the 
Internet Agent Web console. The Web browser must also be enabled to use SSL; if it is not, a non- 
secure connection is used. See Section 48.4, “Securing Internet Agent Connections with SSL,” on 
page 772. 


Syntax: /httpssl 


52.10 SSL Switches 


The Internet Agent can use SSL to enable secure SMTP, POP, IMAP, and HTTP connections. The 
following switches can be used to 1) specify the server certificate file, key file, and key file 
password required for SSL and 2) enable or disable SSL for SMTP, POP, IMAP, and HTTP 
connections. See Section 48.4, “Securing Internet Agent Connections with SSL,” on page 772. 


/certfile 
/keyfile 
/keypasswd 
/smtpssl 
/httpssl 
/popssl 
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/imapssl 
/Idapssl 


52.10.1 /certfile 


Specifies the server certificate file to use. The file must be in Base64/PEM or PFX format. If the file 
is not in the same directory as the Internet Agent program, specify the full path. 





Syntax: /certfile-filename 


Example: /certfile-\\serverl\sys\serverl.crt 





52.10.2 /keyfile 


Specifies the private key file to use. The key file is required if the certificate file does not contain the 
key. If the certificate file contains the key, do not use this switch. When specifying a filename, use 
the full path if the file is not in the same directory as the Internet Agent program. 


Syntax: /keyfile-filenam 








Example: /keyfile-\\serverl\sys\serverl.key 


52.10.3 /keypasswd 


Specifies the private key password. If the key does not require a password, do not use this switch. 
Syntax: /keypasswd-password 


Example: /keypasswd-novell 


52.10.4 /smtppssl 


Enables the Internet Agent to use a secure connection to other SMTP hosts. The SMTP host must 
also be enabled to use SSL or TLS (Transport Layer Security); if it is not, a non-secure connection is 
used. Valid settings are enabled and disabled. 


Syntax: /smtppssl-setting 


Example: /smtppssl-enabled 


52.10.5 /httpssl 


Enables the Internet Agent to use a secure connection to a Web browser being used to display the 
Internet Agent Web console. The Web browser must also be enabled to use SSL; if it is not, a non- 
secure connection is used. Valid settings are enabled and disabled. 


Syntax: /httpssl-setting 


Example: /httpssl-enabled 
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52.10.6 /popssl 


Disables, enables, or requires secure (SSL) connections between POP3 clients and the Internet 
Agent. 





Syntax: /popssl-enabled| disabled| required 


Example: /popssl-required 


Option Description 


enabled The POP3 client determines whether an SSL connection or non-SSL connection is used. 
By default, the Internet Agent listens for SSL connections on port 995 and non-SSL 
connections on port 110. You can use the /popsport and /popport switches to change these 
ports. 


required The Internet Agent forces SSL connections on port 995 and port 110. Non-SSL 
connections are denied. You can use the /popsport and /popport switches to change these 
ports. 


disabled The Internet Agent listens for connections only on port 110, and the connections are not 
secure. You can use the /popport switch to change this port. 


52.10.7 /imapssl 


Disables, enables, or requires secure (SSL) connections between IMAP4 clients and the Internet 
Agent. 


Syntax: /IMAP4ssl-enabled| disabled| required 





Example: /popssl-required 


Option Description 
enabled The IMAP4 client determines whether an SSL connection or non-SSL connection 


is used. By default, the Internet Agent listens for SSL connections on port 993 
and non-SSL connections on port 143. You can use the /imapsport and /imapport 
switches to change these ports. 


required The Internet Agent forces SSL connections on port 993 and port 143. Non-SSL 
connections are denied. You can use the /imapsport and /imapport switches to 
change these ports. 


disabled The Internet Agent listens for connections only on port 143, and the connections 
are not secure. You can use the /imapport switch to change this port. 


52.10.8 /Idapssl 


Instructs the Internet Agent to use a secure (SSL) connection with an LDAP server. For more 
information about why the Internet Agent would need to connect to an LDAP server, see 
Section 52.11, “LDAP Switches,” on page 849 


Syntax: /ldapssl 
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52.11 LDAP Switches 


The Internet Agent can perform GroupWise authentication of POP3/IMAP4 clients through an 
LDAP server and can also perform LDAP queries for GroupWise information. see Section 46.2.1, 
“Enabling LDAP Services,” on page 737. 


The following sections describe the switches required to configure this functionality: 


+ Section 52.11.1, “GroupWise Authentication Switches,” on page 849 
+ Section 52.11.2, “LDAP Query Switches,” on page 850 


52.11.1 GroupWise Authentication Switches 


When a POP3/IMAP4 user attempts to access a GroupWise mailbox on a post office that has been 
configured for LDAP authentication, the Internet Agent connects to the post office’s POA, which 
then connects to the LDAP server so that the LDAP server can authenticate the user. 


This process works automatically if the Internet Agent’s link to the post office is client/server 
(meaning that it communicates through TCP/IP to the post office’s POA). If the Internet Agent is 
using a direct link to the post office directory rather than a client/server link to the post office’s POA, 
the Internet Agent must communicate directly with the LDAP server rather communicate through 
the POA. 


The following switches are used to provide the Internet Agent with the required LDAP server 
information: 


/ldapipaddr 

/\dapport 

/\dapssl 

/Idapuser 

/Ildappwd 

Ildapipaddr 

Specifies the IP address of the LDAP server through which Group Wise authentication takes place. 
Syntax: /ldapipaddr-address 


Example: /Ldapipaddr-172.16.5.18 


Ildapport 


Specifies the port number being used by the LDAP server. The standard non-SSL LDAP port 
number is 389. The standard SSL LDAP port number is 636. 


Syntax: /1dapport-=number 


Example: /1dapport-389 


Ildapssli 
Instructs the Internet Agent to use a secure (SSL) connection with the LDAP server. 


Syntax: /1dapss1 
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Ildapuser 
Specifies a user that has rights to the LDAP directory. The user must have at least Read rights. 
Syntax: /ldapuser-username 


Example: /1dapuser-ldap 


Ildappwd 
Specifies the password of the user specified by the /Idapuser switch. 
Syntax: /1dappwd-password 


Example: /1dappwd-pwdl 


52.11.2 LDAP Query Switches 


The Internet Agent can function as an LDAP server, allowing LDAP queries for Group Wise user 
information contained in the directory. The following switches configure the Internet Agent as an 
LDAP server. 


/Idap 

/Idapthrd 

/Idapentxt 

/Idaprefurl 

/Idaprefcntxt 

/Idapserverport 

/Idapserversslport 

Ildap 

Enables the Internet Agent as an LDAP server. 


Syntax: /1dap 


Ildapthrd 


Specifies the maximum number of threads the Internet Agent can use for processing LDAP queries. 
The default is 10. 


Syntax: /ldapthrd-number 


Example: /ldapthrd-5 


Ildapentxt 


Limits the directory context in which the LDAP server searches. For example, you could limit 
LDAP searches to a single Novell organization container located under the United States country 
container. 


If you restrict the LDAP context, you must make sure that users, when defining the directory in their 
e-mail client, enter the same context (using the identical text you did) in the Search Base or Search 
Root field. 
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Syntax: /1dapcntxt-"context" 


Example: /1dapcntxt-"O=Novell,C=US" 


/\daprefurl 


Defines a secondary LDAP server to which you can refer an LDAP query if the query fails to find a 
user or address in your GroupWise system. For this option to work, the requesting Web browser 
must be able to track referral URLs. 


Syntax: /ldaprefurl-url 


Example: /1dapurl-ldap://ldap.provider.com 


Ildaprefcntxt 
Limits the directory context in which the secondary (referral) LDAP server searches. 
Syntax: /ldaprefcntxt-"context" 


Example: /ldaprefcntxt-"O=Novell,C=US" 


Ildapserverport 
Changes the LDAP listen port from the default of 389. 
Syntax: /ldapserverport port number 


Example: /ldapserverport 390 


Ildapserversslport 
Changes the LDAP SSL listen port from the default of 636. 
Syntax: /ldapserversslport port number 


Example: /ldapserversslport 637 


52.12 Log File Switches 


The following switches control how the Internet Agent uses the log file. The log file keeps a record 
of all Internet Agent activity. See Section 49.6, “Using Internet Agent Log Files,” on page 791. 


/log 

/logdays 
/loglevel 
/logmax 


52.12.1 /log 


On NetWare and Windows, the log files are stored in the domain\wpgate\gwia\000.pre 
directory by default. On Linux, they are stored in /var/log/novell/groupwise/ 
domain name.gwia by default. The log files are named after the month, day, and log number for 
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that date (mmddgwia. nn).You can use the /log switch to redirect the log files to a different 
location. 


Syntax: /log-log file directory 





NetWare Example: /log-sys:\log\gwia 
Linux Example: --1og /opt/novell/groupwise/agents/log 


Windows Example: /log-c:\log\gwia 


52.12.2 /logdays 


By default, log files are deleted after 7 days. This switch overrides the default setting. The range is 
from 1 to 360 days. 


Syntax: /logdays-days 


Example: / Logdays-5 


52.12.3 /loglevel 


Defines the amount of information to record in log files. 
The values are: 

+ Diag 

+ Verbose 


+ Normal (Default) 
+ Off 


Syntax: /loglevel-level 








Example: /1oglevel-verbos 


52.12.4 /logmax 


Controls the maximum amount of disk space for all log files. The amount of disk space each log file 
consumes is added together to determine the total amount of disk space used. When the limit is 
reached, the Internet Agent deletes the existing log files, starting with the oldest one. The default is 
64 MB. The range is from 256 KB to unlimited size. Use 0 for unlimited disk space. 


Syntax: /logmax- KB 


Example: /1logmax-512 
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+ Chapter 56, “Monitoring WebAccess Operations,” on page 925 
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Scaling Your WebAccess 
Installation 


If your GroupWise® system is relatively small (one domain and a few post offices) and all post 
offices reside in the same location, a basic installation of GroupWise WebAccess might very well 
meet your needs. However, if your GroupWise system is large, spans multiple locations, or requires 
failover support, you might need to scale your GroupWise WebAccess installation to better meet the 
reliability, performance, and availability needs of your users. 


The following sections provide information about the various configurations you can implement and 
instructions to help you create the configuration you choose: 


+ Section 53.1, “WebAccess Configurations,” on page 855 
+ Section 53.2, “Installing Additional WebAccess Components,” on page 858 
+ Section 53.3, “Configuring Redirection and Failover Support,” on page 860 


For information about creating a basic GroupWise WebAccess installation, see “Installing 
GroupWise WebAccess” in the GroupWise 7 Installation Guide. 


53.1 WebAccess Configurations 


A basic installation of GroupWise WebAccess requires the WebAccess Agent and the WebAccess 
Application, as shown in the following diagram. The WebPublisher Application is also required if 
you plan to use GroupWise WebPublisher. 


Figure 53-1 A Basic Installation of GroupWise WebAccess 
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Depending on your needs, it might be necessary for you to add additional WebAccess Agents or to 
have multiple Web servers running the WebAccess Application and WebPublisher Application. 


+ Section 53.1.1, “Multiple WebAccess Agents,” on page 855 
+ Section 53.1.2, “Multiple WebAccess and WebPublisher Applications,” on page 856 


53.1.1 Multiple WebAccess Agents 


GroupWise WebAccess is designed to allow one installation of the WebAccess Application and 
WebPublisher Application to support multiple WebAccess Agents, as shown in the following 
diagram. 


Scaling Your WebAccess Installation 855 


Figure 53-2 Multiple WebAccess Agents 
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There are various reasons why you might want to add additional WebAccess Agents, including: 


+ Improving reliability: One WebAccess Agent might provide sufficient access and 
performance, but you want to protect against downtime that would occur if the WebAccess 
Agent became unavailable because of server failure or some other reason. Installing more than 
one WebAccess Agent enables you to set up failover support to make your system more 
reliable. 


+ Improving performance: The WebAccess Agent is designed to be close to the GroupWise 
databases. It requires direct access to a domain database and either direct access to post office 
databases or TCP/IP access to the Post Office Agents. For best performance, you should ensure 
that the WebAccess Agent is on the same local area network as the domain and post offices it 
needs access to. For example, in most cases you would not want a WebAccess Agent in Los 
Angeles accessing a post office in London. 


+ Improving availability: The WebAccess Agent has 12 threads assigned to process user 
requests, which means that it can process only 12 requests at one time regardless of the number 
of users logged in. If necessary, you can increase the number of threads allocated to the 
WebAccess Agent, but each thread requires additional server memory. If you reach a point 
where WebAccess is unavailable to users because thread utilization is at a peak and all server 
memory is being used, you might need to have several WebAccess Agents, installed on 
different network servers, servicing your post offices. For information about changing the 
number of allocated threads, see Section 54.1, “Configuring the WebAccess Agent,” on 
page 870. 


53.1.2 Multiple WebAccess and WebPublisher Applications 


As with the WebAccess Agent, you can also install the WebAccess Application and WebPublisher 
Application to multiple Web servers, as shown in the following diagram. 
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Figure 53-3 The WebAccess Application and WebPublisher Application Installed to Multiple Web Servers 
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Some reasons for wanting to use this type of configuration include: 
+ Enabling WebAccess users on an intranet to access GroupWise through an internal Web server 
and WebAccess users on the Internet to access GroupWise through an exposed Web server. 


¢ Increasing Web server performance by balancing the workload among several Web servers, 
especially if you are using the Web server for other purposes in addition to Group Wise 
WebAccess. 


+ Hosting WebAccess (the WebAccess Application) on one Web server for your GroupWise 
users and WebPublisher (the WebPublisher Application) on another Web server for public 
Internet use. 


If necessary, you can use multiple WebAccess Agents in this configuration, as shown below. 


Figure 53-4 The WebAccess Application on One Web Server, and the WebPublisher Application on Another 
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53.2 Installing Additional WebAccess 
Components 


The following sections assume that you have installed at least one WebAccess Agent and one 
WebAccess Application (or WebPublisher Application) and now need to install additional agents or 
applications. 

+ Section 53.2.1, “Installing Additional Components on NetWare or Windows,” on page 858 

+ Section 53.2.2, “Installing Additional Components on Linux,” on page 859 


53.2.1 Installing Additional Components on NetWare or 
Windows 


+ “Installing a NetWare or Windows WebAccess Agent” on page 858 
+ “Installing a NetWare or Windows WebAccess or WebPublisher Application” on page 858 


For more information, see “NetWare and Windows: Setting Up GroupWise WebAccess” in the 
GroupWise 7 Installation Guide. 


Installing a NetWare or Windows WebAccess Agent 


1 Insert the GroupWise 7 Administrator for NetWare/Windows CD into the CD drive to start the 
Installation program, click Install Products, click GroupWise WebAccess, then click Install 
GroupWise WebAccess. If the Installation program does not start automatically, run 
setup.exe from the root of the CD. 


or 


If you’ve already copied the GroupWise WebAccess software to a software distribution 
directory, run setup.exe from the internet \webacces directory. 





2 Click Yes to accept the license agreement and display the Select Components dialog box. 
3 Deselect all components except the GroupWise WebAccess Agent, then click Next. 


4 Follow the prompts to create the WebAccess Agent’s gateway directory, install the WebAccess 
Agent software, and create the WebAccess Agent’s object in Novell® eDirectory™. 


If you are installing to a domain where another WebAccess Agent already exists, you must use 
a different directory and object name than the one used for the existing WebAccess Agent. 


5 When installation is complete, you need to configure your system so that the WebAccess and 
WebPublisher Applications know about the WebAccess Agent and can direct the appropriate 
user requests to it. For information, see Section 53.3, “Configuring Redirection and Failover 
Support,” on page 860. 


Installing a NetWare or Windows WebAccess or WebPublisher Application 
To install a WebAccess Application or a WebPublisher Application to a Web server: 


1 Insert the GroupWise 7 Administrator for NetWare/Windows CD into the CD drive to start the 
installation program, click Install Products, click Groupwise WebAccess, then click Install 
GroupWise WebAccess. If the installation program does not start automatically, run 
setup.exe from the root of the CD. 
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or 


If you’ve already copied the Groupwise WebAccess software to a software distribution 
directory, run setup.exe from the internet /webacces directory. 





2 Click Yes to accept the license agreement and display the Select Components dialog box. 


Deselect all components except the GroupWise WebAccess application and/or the Groupwise 
WebPublisher Application, then click Next. 


The WebAccess Application and WebPublisher Application must be associated with a 
WebAccess Agent. For information on configuring a WebAccess or WebPublisher Application 
to connect to other WebAccess Agents, see Section 53.3, “Configuring Redirection and 
Failover Support,” on page 860. 


4 Specify the path for the WebAccess Agent’s gateway directory. 


5 Follow the prompts to install the files to the Web server. Restart the Web server. 


53.2.2 Installing Additional Components on Linux 


+ 


+ 


“Installing a Linux WebAccess Agent” on page 859 
“Installing a Linux WebAccess and WebPublisher Application” on page 860 


For more information, see “Linux: Setting Up GroupWise WebAccess” in the GroupWise 7 
Installation Guide. 


Installing a Linux WebAccess Agent 


1 


Make sure that LDAP is running on your eDirectory server and that it is configured to accept 
login from the WebAccess Agent Installation program. 


In a terminal window, become root by entering sux and the root password. 


The sux command enables the X Window System, which is required for running the GUI 
Group Wise Installation program, Installation Advisor, and the Setup Advisor. If you do not 
want to use the X Window System, you can install GroupWise components individually, as 
described in “Installing the GroupWise Agents Using the Text-Based Installation Program” in 
“Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


Change to the root of the GroupWise 7 Administrator for Linux CD. 


4 Enter ./install. 


Select the language in which you want to run the Installation program and install the 
WebAccess software, then click Next. 


In the Installation program, click Install Products > GroupWise WebAccess > Install 
WebAccess Agent. 


7 When the installation is complete, click OK. 
8 Click Configure WebAccess Agent. 
9 Follow the prompts to configure the Linux WebAccess Agent. 


When installation and configuration is complete, you need to configure your GroupWise 
system so that the WebAccess and WebPublisher Applications know about this instance of the 
WebAccess Agent and can direct the appropriate user requests to it. For instructions, see 
Section 53.3, “Configuring Redirection and Failover Support,” on page 860. 
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Installing a Linux WebAccess and WebPublisher Application 
To install a WebAccess Application and a WebPublisher Application to a Web server: 


1 After installing and configuring the WebAccess Agent, if you want to use an existing Apache 
and Tomcat installations, click Install GroupWise WebAccess Application. 


or 
Click Install GroupWise WebAccess Application with Apache and Tomcat. 


This installs a version of Apache and Tomcat specifically for use with GroupWise. Apache files 
are installed under /var/opt/novell/http and /etc/opt/novell/http. Tomcat 
files are installed under /var/opt/novell/tomcat4 and /etc/opt/novell/ 
tomcat4. 


In addition, a self-signed certificate is generated, enabling users to use WebAccess and 
WebPublisher using an SSL connection. 





NOTE: The option to install Apache and Tomcat along with the WebAccess Application is not 
available if you are installing to Novell Open Enterprise Server Linux because Apache and 
Tomcat are already installed and configured correctly in that environment. 

2 When the installation is complete, click OK. 

3 Click Configure WebAccess Application. 

4 Follow the prompts to configure the Linux WebAccess Application. 


5 When the installation and configuration is complete, start or restart the Web server. 


53.3 Configuring Redirection and Failover 
Support 


Redirection enables the WebAccess Application to direct user requests to specific WebAccess 
Agents. For example, you might want WebAccess Agent | to process all requests from users on Post 
Office 1 and WebAccess Agent 2 to process all requests from users on Post Office 2. 


Failover support enables the WebAccess Application to contact a second WebAccess Agent if the 
first WebAccess Agent is unavailable. For example, if the WebAccess Application receives a user 
request that should be processed by WebAccess Agent 1 but it is unavailable, the WebAccess 
Application can route the user request to WebAccess Agent 2 instead. 


The following sections provide information to help you successfully configure redirection and 
failover support: 


+ Section 53.3.1, “How the WebAccess Application Knows Which WebAccess Agents to Use,” 
on page 861 

+ Section 53.3.2, “Synchronizing the Encryption Key,” on page 863 

+ Section 53.3.3, “Specifying a WebAccess Agent in the WebAccess URL,” on page 864 

+ Section 53.3.4, “Assigning a Default WebAccess Agent to a Post Office,” on page 865 

+ Section 53.3.5, “Assigning a Default WebAccess Agent to a Domain,” on page 866 


+ Section 53.3.6, “Adding WebAccess Agents to the GroupWise Service Provider’s List,” on 
page 867 
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53.3.1 How the WebAccess Application Knows Which 
WebAccess Agents to Use 


To redirect user requests or to fail over to a second WebAccess Agent, the WebAccess Application 
needs to know which WebAccess Agents you want it to use. This might be all of the WebAccess 
Agents in your system, or only specific WebAccess Agents. 


Each time a user logs in, the WebAccess Application compiles a list, referred to as a redirection/ 
failover list, of the WebAccess Agents defined in the locations listed below. 


+ The WebAccess URL. The standard URL does not contain a WebAccess Agent, but you can 
modify the URL to point to a specific agent. 


+ The user’s Post Office object. You can assign a default WebAccess Agent to the post office to 
handle requests from the post office’s users. 


+ The user’s Domain object. You can assign a default WebAccess Agent to the domain to 
handle requests from the domain’s users. 


* The GroupWiseProvider object. This is the service provider used by the WebAccess 
Application to connect to WebAccess Agents. 


+ The commer.cfg file. This file located in the WebAccess Application’s home directory, which 
varies by platform. 





NetWare novell\webaccess\users on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webaccess/users 


By default, only the GroupWise Provider object and the commgr . c fg file include a WebAccess 
Agent definition, as shown in the following table: 


Table 53-1 WebAccess Agent Default Locations 


Location WebAccess Agent 
WebAccess URL No agent defined 
Post office No agent defined 
Domain No agent defined 
GroupWise service provider Agent 1 
Commgr.cfg Agent 1 


If no other WebAccess Agents are defined (as is the case by default), the WebAccess Application 
directs all user requests to the WebAccess Agent (Agent 1) listed in the commgr . cfg file. This file 
is located in the WebAccess Application’s home directory on the Web server. The commgr. cfg 
file contains the IP address and encryption key for the WebAccess Agent that was associated with 
the WebAccess Application during the application’s installation. 


If Agent | is not available, the user receives an error message and cannot log in. 


Scaling Your WebAccess Installation 


861 


Redirection/Failover List: Example 1 


Assume that the WebAccess Agents are defined as follows: 


Location WebAccess Agent 
WebAccess URL No agent defined 
Post office Agent 1 
Domain Agent 4 
GroupWise service provider Agent 2 

Agent 3 
Commgr.cfg Agent 4 


Using this information, the WebAccess Application would create the following redirection/failover 


list: 

List Entry Taken From 

Agent 1 Post office 

Agent 4 Domain 

Agent 2 GroupWise service provider 
Agent 3 GroupWise service provider 


Because there is no WebAccess Agent defined in the WebAccess URL, the WebAccess Application 
redirects the user’s request to the default WebAccess Agent (Agent 1) assigned to the user’s post 
office. If Agent 1 is unavailable, the WebAccess Application fails over to the domain’s default 
WebAccess Agent (Agent 4). If Agent 4 is unavailable, the WebAccess Application fails over to 
Agent 2 and then Agent 3, both of which are defined in the GroupWise service provider’s list. 


Redirection/Failover List: Example 2 


Assume that the WebAccess Agents are defined as follows: 


Location WebAccess Agent 
WebAccess URL No agent defined 
Post office No agent defined 
Domain No agent defined 
GroupWise service provider Agent 1 

Agent 2 

Agent 3 
Commgr.cfg Agent 2 


Using this information, the WebAccess Application would create the following redirection/failover 
list: 
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List Entry Taken From 


Agent 1 GroupWise service provider 
Agent 2 GroupWise service provider 
Agent 3 GroupWise service provider 


Because there is no WebAccess Agent defined in the WebAccess URL, user’s post office, or user’s 
domain, the WebAccess Application redirects the user’s request to the first WebAccess Agent 
(Agent 1) in the GroupWise service provider’s list. If Agent 1 is unavailable, the WebAccess 
Application fails over to Agent 2 and then Agent 3. 


53.3.2 Synchronizing the Encryption Key 


Every WebAccess Agent has an encryption key. In order to communicate with a WebAccess Agent, 
the WebAccess Application must know the agent’s encryption key. The encryption key is randomly 
generated when the WebAccess Agent object is created in eDirectory, which means that every 
WebAccess Agent has a unique encryption key. 


If a WebAccess Application communicates with more than one WebAccess Agent, all the 
WebAccess Agents must use the same encryption key. 


To modify a WebAccess Agents encryption key: 


1 In ConsoleOne®, right-click the WebAccess Agent object, then click Properties. 
2 Click WebAccess to display the WebAccess Settings page. 
Properties of WEBAC70A 
WebAccess | WebPublisher | Access Control + | Reattach | Post Office Links | GroupWise + | NDS Rights v | Oth, 
_ Settings 


Maximum Threads: 12 < 








Encryption Key: RhB25u21cmLU42439542246tPI 


Page Options... | Cancel | 








3 Make the encryption key the same as the key for any other WebAccess Agents with which the 
WebAccess Application communicates. 


4 Click OK to save the changes. 
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53.3.3 Specifying a WebAccess Agent in the WebAccess URL 


To have the WebAccess Application connect to a WebAccess Agent other than the one specified in 
the commer.cfg file, you can add the WebAccess Agent’s IP address and port number to the URL 
that calls the WebAccess Application. For example, the default WebAccess Application URL is: 


http://web server ip address/gw/webacc 


This URL causes the WebAccess Application to use the IP address and port number that is listed in 
the commgr.cfg file. To redirect the WebAccess Application to another WebAccess Agent, you 
would use the following URLs: 
http://web server ip address/gw/webacc 

?GWAP.ip=agent ip address&GWAP.port=port number 


For example: 


http://172.16.5.18/gw/webacc 
?GWAP.ip=172.16.6.108GWAP.port=7204 


In this example, the WebAccess Application redirects its requests to the WebAccess Agent at IP 
address 172.16.6.10 and port number 7204. If the WebAccess Agent is using the same port number 
that is listed in the commgr . cfg file, you do not need to include the GWAP.port parameter. Or, if 
the WebAccess Agent is using the same IP address that is listed in the commgr . cfg file, you do 
not need to include the GWAP.ip parameter. 


If you want, you can use the WebAccess Agent’s DNS hostname in the URL rather than its IP 
address. 


You can also specify the user interface language by adding the &User.lang option. This allows you 
to bypass the initial WebAccess language page. For example: 


http://172.16.5.18/gw/webpub 
?GWAP.1ip=172.16.6.10&GWAP.port=7204é&User.lang=en 


You can use the language codes listed below with the &User.lang parameter in the WebAccess URL. 


Table 53-2 Language Codes 


Language Code Language Code 
Arabic ar Hebrew iw 
Brazilian Portuguese pt Hungarian hu 
Chinese Simplified cs Italian it 
Chinese Traditional ct Japanese jp 
Czechoslovakian CZ Korean kr 
Danish da Norwegian no 
Dutch nl Polish pl 
English us Russian ru 
Finnish su Spanish es 
French fr Swedish SV 
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Language Code Language Code 


German de 


You can add the URL to any Web page. For example, if you are using the Web Services page as your 
initial WebAccess page, you could add the URL to that page. You should add one URL for each 
WebAccess Agent. 


For example, suppose you had offices in three different locations and installed a WebAccess Agent 
at each location to service the post offices at those locations. To enable the WebAccess Application 
to redirect requests to the WebAccess Agent at the appropriate location, you could modify the Web 
Services page to display a list of the locations. The modified page would include the following 
HTML code (if WebAccess is running on NetWare or Windows): 

<UL> 


<LI><A HREF="http://172.16.5.18/gw/ 
webacc?GWAP.ip=172.16.6.10&GWAP.port=7204>San Francisco 
</A></LI> 





<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.12>New York 
</A></LI> 











<LI><A HREF="http://172.16.5.18/gw/ 
webacc?GWAP.1ip=172.16.6.33&GWAP.port=7203>London 
</A></LI> 


</UL> 
The displayed HTML page would contain the following list of locations: 


+ San Francisco 
+ New York 
+ London 
When a user selects a location, the WebAccess Application routes all requests to the WebAccess 


Agent at the selected location. 


53.3.4 Assigning a Default WebAccess Agent to a Post Office 


The WebAccess Application uses the post office’s default WebAccess Agent ifno WebAccess Agent 
has been specified in the WebAccess URL (see Section 53.3.3, “Specifying a WebAccess Agent in 
the WebAccess URL,” on page 864) or if that WebAccess Agent is unavailable. This applies only if 
you have multiple WebAccess Agents installed in your GroupWise system. If you have only one 
WebAccess Agent, it services all post offices. 


To assign a default WebAccess Agent to a post office: 


1 In ConsoleOne, right-click the Post Office object, then click Properties. 
2 Click GroupWise > Default WebAccess to display the Default WebAccess page. 
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Properties of Development 


NDS Rights v | Other | Rights to Files and Folders 


Override | Default WebAccess Gateway: 


r 4 


Not Defined 








Page Options... | Cancel 





3 Select the Override box to turn on the option. 


4 Inthe Default WebAccess Gateway box, browse for and select the WebAccess Agent that you 
want to assign as the default agent. 


When you have multiple WebAccess Agents and a user logs in to GroupWise WebAccess, the 
GroupWise Application running on the Web server checks to see if a default WebAccess Agent 
has been assigned to the user’s post office. If so, the WebAccess Application connects to the 
assigned WebAccess Agent. If not, it connects to the default WebAccess Agent assigned to the 
post office’s domain, as described in Section 53.3.5, “Assigning a Default WebAccess Agent to 
a Domain,” on page 866 or to one of the WebAccess Agents in its service provider list, as 
described in Section 53.3.6, “Adding WebAccess Agents to the GroupWise Service Provider’s 
List,” on page 867. If possible, select a WebAccess Agent that has good access to the post 
office to ensure the best performance. 


5 Click OK to save the changes. 


53.3.5 Assigning a Default WebAccess Agent to a Domain 


The WebAccess Application uses the domain’s default WebAccess Agent if 1) no WebAccess Agent 
has been specified in the WebAccess URL (see Section 53.3.3, “Specifying a WebAccess Agent in 
the WebAccess URL,” on page 864), 2) no default WebAccess Agent has been defined for the user’s 
post office, or 3) neither of those WebAccess Agents are available. This applies only if you have 
multiple WebAccess Agents installed in your GroupWise system. If you have only one WebAccess 
Agent, it services users in all domains. 


To assign a default WebAccess Agent to a domain: 


1 In ConsoleOne, right-click the Domain object, then click Properties. 
2 Click GroupWise > Default WebAccess to display the Default WebAccess page. 


866 GroupWise 7 Administration Guide 


Properties of Provo1 


NDS Rights v | Other | Rights to Files and Folders 


Override | Default WebAccess Gateway: 


r 4 








Page Options... | Cancel 





3 Select the Override box to turn on the option. 


4 Inthe Default WebAccess Gateway box, browse for and select the WebAccess Agent that you 
want to assign as the default agent. 


When you have multiple WebAccess Agents and a user logs in to GroupWise WebAccess, the 
GroupWise Application running on the Web server checks to see if a default WebAccess Agent 
has been assigned to the user’s post office, as described in Section 53.3.4, “Assigning a Default 
WebAccess Agent to a Post Office,” on page 865. If so, the WebAccess Application connects to 
the assigned WebAccess Agent. If not, it connects to the default WebAccess Agent assigned to 
the post office’s domain or to one of the WebAccess Agents in its service provider list, as 
described in Section 53.3.6, “Adding WebAccess Agents to the GroupWise Service Provider’s 
List,” on page 867. If possible, you should select a WebAccess Agent that has good access to 
the domain’s post offices to ensure the best performance. Each post office uses the domain’s 
default WebAccess Agent unless you override the default at the post office level. 


5 Click OK to save the changes. 
53.3.6 Adding WebAccess Agents to the GroupWise Service 
Provider’s List 


1 In ConsoleOne, right-click the GroupWise service provider object (GroupWiseProvider), then 
click Properties. 


2 Click Provider to display the Environment page. 
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Properties of GroupWiseProvider 


Provider | NDS Rights + | Other | 
Environment 


Provider 

Type: Groupise Provider 

Class: com.novell.webaccess.providers gwap XGWAP 
ID: GWAP 


Timeout for Busy Search: 1 E minutes 


Groupise WebAccess Agent Information 





Configuration File: WBD-NVisys'Novellwebaccess\commar.cfg 





GroupWise WebAccess Agents: BAC?OA Provol GroupWise 


Customize Settings in XML 








Page Options... Cancel | Apply | Help | 








The Group Wise WebAccess Agents list displays the WebAccess Agents the Group Wise service 
provider can communicate with when attempting to complete a reguest. By default, the list 
includes the WebAccess Agent that is defined in the commgr . cfg file (listed in the 
Configuration File field). If the first WebAccess Agent is unavailable, the Group Wise service 
provider attempts to use the second, third, fourth, and so on until it is successful. 


3 Click Add, select the WebAccess Agent you want to add to the list, then click OK. 


4 Repeat Step 3 for each WebAccess Agent you want to add to the list, then click OK to save the 
changes. 
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Configuring WebAccess 
Components 


GroupWise® WebAccess consists of a number of components. The GroupWise 7 Installation Guide 
presented a simple overview of those components: 


Figure 54-1 WebAccess Components: Simplified 
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This section of the GroupWise 7 Administration Guide provides additional details about those and 


additional components: 


Figure 54-2 WebAccess Components: Complete 
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Each component can be configured to meet the specific needs of your GroupWise system: 


+ Section 54.1, “Configuring the WebAccess Agent,” on page 870 

+ Section 54.2, “Configuring the WebAccess Application,” on page 879 

+ Section 54.3, “Configuring the Novell Speller Application,” on page 892 

+ Section 54.4, “Configuring the WebPublisher Application,” on page 894 

+ Section 54.5, “Configuring the GroupWise Service Provider,” on page 903 

+ Section 54.6, “Configuring the LDAP Service Provider,” on page 905 

+ Section 54.7, “Configuring the GroupWise Document Service Provider,” on page 907 
+ Section 54.8, “Configuring the Document Viewer Agent,” on page 909 

+ Section 54.9, “Enabling Web Server Data Compression,” on page 913 
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54.1 Configuring the WebAccess Agent 


The WebAccess Agent receives user requests from the WebAccess Application and WebPublisher 
Application, accesses post offices and libraries to process the requests, and then passes information 
back to the applications. 


Figure 54-3 WebAccess Agent 
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During installation, the GroupWise® WebAccess Agent is set up with a default configuration. 
However, you can use the information in the following sections to optimize the WebAccess Agent 
for your environment: 
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+ Section 54.1.1, “Modifying WebAccess Settings,” on page 870 

+ Section 54.1.2, “Modifying WebPublisher Settings,” on page 871 

+ Section 54.1.3, “Managing Access to Post Offices,” on page 873 

+ Section 54.1.4, “Securing WebAccess Agent Connections with SSL,” on page 875 


+ Section 54.1.5, “Changing the WebAccess Agent’s Network Address or Port Numbers,” on 
page 877 


+ Section 54.1.6, “Binding the WebAccess Agent to a Specific IP Address,” on page 878 


54.1.1 Modifying WebAccess Settings 


Using ConsoleOne®, you can configure the following GroupWise WebAccess settings for the 
WebAccess Agent: 


+ The maximum number of threads the agent uses to process WebAccess messages 


+ The key used to encrypt information sent between the agent and the WebAccess Application 
To modify the configuration information: 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click WebAccess > Settings to display the WebAccess Settings page. 
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Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control + | Reattach | Post Office Links | GroupWise MI NDS Rights ~| Oth) 
Settings 


Maximum Threads: 12 4 








Encryption Key: RhB25u21 cmLU42439642246tPI 


Page Options... 








3 Modify any of the following fields: 


Maximum Threads: This is the maximum number of threads the agent uses at one time to 
process requests. The default (12) enables the agent to process 12 requests at one time, which is 
usually sufficient. If the agent regularly receives more requests than it has threads, you might 
want to increase the maximum number of threads. Increasing the threads increases the amount 
of server memory used by the agent. 


To determine the maximum number of threads that have been in use at one time (for example, 8 
of the 12 threads), you can view the WebAccess Agent server console on NetWare® or you can 
view the status information displayed through the WebAccess Agent Web console on any 
platform. See Section 56.1, “Monitoring the WebAccess Agent,” on page 925. 


Encryption Key: The encryption key is used to encrypt and decrypt the information sent 
between the WebAccess Agent and the WebAccess Application. If you do not want to use the 
default encryption key, you can type your own key. The encryption key must be identical to the 
encryption keys of any other WebAccess Agents that the WebAccess Application 
communicates with. For more information, see Section 53.3, “Configuring Redirection and 
Failover Support,” on page 860. 


4 Click OK to save the changes. 


54.1.2 Modifying WebPublisher Settings 


Using ConsoleOne, you can configure the following WebPublisher settings for the WebAccess 
Agent: 


¢ The GroupWise account used by the WebAccess Agent to retrieve documents for WebPublisher 
users 


¢ The GroupWise libraries where the WebAccess Agent looks for documents that have been 
shared with GroupWise WebPublisher users 


+ Whether the WebPublisher user has General User Access to documents 
To modify the configuration information: 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
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2 Click WebPublisher > Settings to display the WebPublisher Settings page. 


Properties of WEBAC70A 
WebAccess Access Control + | Reattach | Post Office Links | GroupWise + | NDS Rights -| ot! 


‘WebPublisher Proxy User 





GroupWise Mailbox ID: |WebPubUser 
Password: Set Password 


Library Access 
Allow access to these libraries: 














Object ID Web Display Name Domain Post Office 
Development Library Development Library Provo1 Development 





IV. Assign General User Access to WebPublisher users 


Page Options... 








3 Modify any ofthe following fields: 


GroupWise Mailbox ID: The WebPublisher proxy user serves two purposes: 1) Group Wise 
users make documents available to Group Wise WebPublisher users by sharing the documents 
with the WebPublisher proxy user and 2) the WebAccess Agent logs in to GroupWise through 
the WebPublisher proxy user. This enables the WebAccess Agent to search for and retrieve 
documents that have been shared with the WebPublisher proxy user. Specify the ID for the 
Group Wise mailbox you want to use. 


Password: Click Set Password to specify the mailbox password. 


Allow Access to These Libraries: This list displays the libraries that the WebAccess Agent 
has access to. If a library is not in the list, WebPublisher users cannot see the library’s 
documents. If a library is listed, WebPublisher users can view any of the library’s documents 
that have been shared (by the document owner) with the WebPublisher proxy user. 


To add a library to the list, click Add, then browse for and select the library. 


To change the display name or description for the library, select the library, then click 
Properties. By default, the library’s Novell® eDirectory™ object name is used for the display 
name. 


To remove a library from the list, select the library, then click Remove. 


Assign General User Access to WebPublisher Users: When sharing documents with 

Group Wise users, a document’s owner can assign individual access rights and general access 
rights (through the General User Access option). The General User Access rights determine the 
access for all GroupWise users who do not receive individual access rights. For example, if a 
document’s owner sets the General User Access to View, all GroupWise users with access to 
that library can view the document. 


This option lets you determine whether or not you, as the GroupWise system administrator, 
want to give General User Access rights to WebPublisher users. For example, with this option 
enabled, WebPublisher users can view any documents that have General User Access set to 
View. 


4 Click OK to save the changes. 
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IMPORTANT: When you first set up WebPublisher, library documents are not visible to 
WebPublisher users until they have been indexed by the POA. You can wait until documents 
are indexed as part of the POA’s next indexing cycle or you can start the indexing process 


manually. 





5 If WebPublisher documents have not yet been indexed, run QuickFinder indexing, as described 
in “Updating QuickFinder Indexes” on page 527. 


54.1.3 Managing Access to Post Offices 


The WebAccess Agent requires access to all post offices where WebAccess users’ mailboxes or 
GroupWise libraries reside. The agent can access a post office using client/server mode, direct 


mode, or both. By default, it uses whichever mode is 
Settings page of the Post Office object. 


+ “Modifying Links to Post Offices” on page 873 
server, direct, or both. 


defined on the Post Office object’s Post Office 


explains how to set the access mode to client/ 


+ “Automating Reattachment to NetWare Servers” on page 874 explains how to configure the 


agent to automatically reconnect to post offices 


Modifying Links to Post Offices 


on NetWare servers. 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 


2 Click Post Office Links > Settings. 


Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control + | Reattach | Post Office Links | GroupWise + | NDS Rights + | Ot 


| Settings 


Post Offices: 





Post Office Access Mode 














Development cs 
cs 


CS 
cs 


Provo3 Marketing 





jbd-nw 
17216518 
jbd-win 


jbd-win 


Edit Link... 


Page Options... Cancel | Apply | Help | 








3 Inthe Post Offices list, select the post office whose link information you want to change, then 


click Edit Link to display the Edit Post Office L 


ink dialog box. 
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Edit Post Office Link 


Domain: Provo1 OK 
Post Office: Development 
= 5 Cancel 
Current Post Office Access: Client Server Only 
Access Mode: Client Server Only M 
Direct Access te | 


- 





Client/Server Access 





Host Name or IP Address: [iba-nw 
TCP Port: [1577 








4 Define the following properties: 


Access Mode: The access mode determines whether the WebAccess Agent uses client/server 
access, direct access, or both client/server and direct access to connect to the post office. With 
client/server and direct, the WebAccess Agent first tries client/server access; if client/server 
access fails, it then tries direct access. You can also choose to use the same access mode 
currently defined for the post office (on the Post Office object’s Post Office Settings page). The 
current access mode is displayed in the Current Post Office Access field. 


Direct Access: When connecting to the post office in direct mode, the WebAccess Agent can 
use the post office’s UNC path (as defined on the Post Office object’s Identification page) or a 
mapped path that you specify. 


Client/Server Access: When connecting to the post office in client/server mode, the 
WebAccess Agent must know the hostname (or IP address) and port number of the Post Office 
Agent running against the post office. 


5 Click OK. 
6 Repeat Step 3 through Step 5 for each post office whose link you want to change. 


Automating Reattachment to NetWare Servers 


You can specify the reattach information for the Windows WebAccess Agent in ConsoleOne. 
Whenever the Windows WebAccess Agent loses its connection to a post office that is on a NetWare 
server, it reads the reattach information from the domain database and attempts to reattach to the 
NetWare server. 


The NetWare WebAccess Agent does not use this information. To reattach to NetWare servers where 
users’ post offices reside, the NetWare WebAccess Agent uses the user ID and password specified 
during installation. This user ID and password are specified in the strtweb.ncf file 


To specify the reattachment information for the NetWare WebAccess Agent: 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click Reattach > Settings. 
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Properties of WEBAC70A 
WebAccess | WebPublisher | Access Control + [A Post Office Links | GroupWise + | NDS Rights v | Oth! 





Tree: 





Context: 








User ID: 


Password: 


Each connection to a post office must be established using the above NetWare login information. 





Page Options... 





3 Define the following properties: 


Tree: Specify the eDirectory tree that the WebAccess Agent logs in to. If the WebAccess Agent 
does not use an eDirectory user account, leave this field blank. 


Context: Specify the eDirectory context of the WebAccess Agent’s user account. If the 
WebAccess Agent does not use an eDirectory user account, leave this field blank. 


User ID: Specify the name of'the user account. 
Password: Specify the password for the user account. 
4 Click OK. 


54.1.4 Securing WebAccess Agent Connections with SSL 


The GroupWise WebAccess Agent can use the SSL (Secure Socket Layer) protocol to enable secure 
connections to Post Office Agents (POAs) and the WebAccess Agent Web console. For it to do so, 
you must ensure that the WebAccess Agent has access to a server certificate file and that you 
specified the connection types that you want secured through SSL. The following sections provide 
instructions: 


+ “Defining the Certificate File” on page 875 
+ “Enabling SSL” on page 876 


Defining the Certificate File 


To use SSL, the WebAccess Agent requires access to a server certificate file and key file. The 
WebAccess Agent can use any Base64/PEM or PFX formatted certificate file located on its server. If 
the WebAccess Agent’s server does not have a server certificate file, you can use the Group Wise 
Generate CSR utility to help you obtain one. For information, see Section 5.17.6, “GroupWise 
Generate CSR Utility (GWCSRGEN),” on page 83. 


To define the certificate file and key file for the WebAccess Agent to use: 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
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2 Click GroupWise > SSL Settings to display the SSL Settings page. 


Properties of WEBAC70A 





Certificate file: 








SSL key file: 


Set Password 


Page Options... | Cancel | 








3 Fill in the Certificate File, SSL Key File, and Set Password fields: 


Certificate File: Select the server certificate file for the WebAccess Agent to use. The 
certificate file must be in Base64/PEM or PFX format. If you type the filename rather than 
using the Browse button to select it, use the full path if the file is not in the same directory as the 
WebAccess Agent program. 


SSL Key File: Select the key file associated with the certificate. Ifthe private key is included 
in the certificate file rather than in a separate key file, leave this field blank. If you type the 
filename rather than using the Browse button to select it, use the full path ifthe file is not in the 
same directory as the WebAccess Agent program. 


Set Password: Click Set Password to specify the password for the key. Ifthe key does not 
require a password, do not use this option. 


4 If you want to define which connections will use SSL, click Apply to save your changes, then 
continue with the next section, Enabling SSL. 


or 


Click OK to save your changes. 


Enabling SSL 


After you’ve defined the WebAccess Agent’s certificate and key file (see “Defining the Certificate 
File” on page 875), you can configure which connections you want to use SSL. 


1 In ConsoleOne, if the WebAccess Agent object’s property pages are not already displayed, 
right-click the WebAccess Agent object, then click Properties. 


2 Click GroupWise > Network Address to display the Network Address page. 
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Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control -| Reattach | Post Office Links | GroupWise v | NDS Rights ~| < 


TCPAP Address: 
IPX/SPX Address: 


I Bind Exclusively to TCPAP Address 


Port SSL 





7211 2 


7205 i 


Disabled x | 





TCP: 











Client/Server: Disabled x | 


Page Options... 





| Network Address 





jibd-nw. -provo.novell.com 





canes! | Appy | Help 





3 Configure the SSL settings for the following connections: 


HTTP: Select Enabled to enable the WebAccess Agent to use a secure connection when 
passing information to the WebAccess Agent Web console. The Web browser must also be 
enabled to use SSL; if it is not, a non-secure connection is used. 


Client/Server: Select from the following options to configure the WebAccess Agent’s use of 
secure connections to POAs: 


+ Disabled: The WebAccess Agent does not support SSL connections. All connections are 


non-SSL. 


+ Enabled: The POA determines whether an SSL connection or non-SSL connection is used. 


54.1.5 Changing the WebAccess Agent’s Network Address or 


Port Numbers 


If you change the network address (IP address or DNS hostname) of the WebAccess Agent’s server 
or move the WebAccess Agent to a new server, you need to change the network address in 
ConsoleOne. You can also change the port numbers used by the WebAccess Agent. 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 
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Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control ~| Reattach | Post Office Links | GroupWise v | NDS Rights ~| < 
| Network Address 





TCPAP Address: [ibd-nw provo.novel.com 





IPXISPX Address: | 


I Bind Exclusively to TCPAP Address 


Port SSL 
7211 $| |pisabed ~ | 

TCP: 7205 +| 

Client/Server: Disabled x | 








Page Options... ok | Cancel | Apply | Hep | 





3 To change the WebAccess Agent’s IP address, click the Edit button next to the TCP/IP Address 


field to display the Edit Network Address dialog box. 


Edit Network Address 


TCPAP Address 





© IP Address: 








(° DNS Host Name: |ibd-nw provo novell com] 


Cancel Help 





Change the IP address or DNS hostname as necessary, then click OK to return to the Network 
Address page. 


To change the port numbers used by the WebAccess Agent, type the new port number in the 
appropriate field. 


HTTP Port: This is the port used to listen for reguests from its Web console. The default port 
number is 7211. 


TCP Port: This is the port used to listen for reguests from the WebAccess Application and 
WebPublisher Application. The default port is 7205. 


6 Click OK to save the changes. 


54.1.6 Binding the WebAccess Agent to a Specific IP Address 


You can now cause the WebAccess Agent to bind to a specified IP address when the server where it 
runs uses multiple IP addresses. The specified IP address is associated with all ports used by the 
agent. Without an exclusive bind, the WebAccess Agent binds to all IP addresses available on the 
server. Use the /ip startup switch in the WebAccess Agent startup file (webac70.waa) to specify 


the IP address that you want the WebAccess Agent to bind to. 
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54.2 Configuring the WebAccess Application 


The WebAccess Application, which resides on the Web server, provides the WebAccess user 
interface. As users perform actions in the WebAccess client, the WebAccess Application passes 
information between the Web browser and the WebAccess Agent. 


Figure 54-4 WebAccess Application 


Speller LDAP 
Application Server 


WebAccess LDAP Provider 
Application E 
ee Provider 


Document 
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Post Office 





WebAccess \*—> 
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Viewer 
Agent 


During installation, the WebAccess Application is set up with a default configuration. However, you 
can use the information in the following sections to optimize the WebAccess Application 
configuration: 





Web Web 
Browser |* >| Server 


WebPublisher 
Application 






+ Section 54.2.1, “Modifying the WebAccess Application Environment Settings,” on page 879 
+ Section 54.2.2, “Adding or Removing Service Providers,” on page 881 

+ Section 54.2.3, “Modifying WebAccess Application Template Settings,” on page 882 

+ Section 54.2.4, “Securing WebAccess Application Sessions,” on page 888 

+ Section 54.2.5, “Controlling Availability of WebAccess Features,” on page 890 


54.2.1 Modifying the WebAccess Application Environment 
Settings 

Using ConsoleOne, you can modify the WebAccess Application’s environment settings. The 
environment settings determine such things as the location where ConsoleOne stores the WebAccess 


Application’s configuration file and how long the WebAccess Application maintains an open session 
with an inactive user. 


To modify the environment settings: 


1 In ConsoleOne, right-click the WebAccess Application object (GroupWise WebAccess), then 
click Properties. 





NOTE: The WebAccess Application object is not available in the GroupWise View. To locate 
the WebAccess Application object, you must use the Console View. 





2 Click Applications > Environment to display the Environment page. 
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Properties of GroupWiseWebAccess 


Application + | NDS Rights + | other | 
Environment | 





Configuration File: |\JBD-NwsysWoveliwebaccessiwebacc.ctql 








File Upload Path: — WyBD-NWiisysNovelhwebaccess'ttemp 








Logout URL: 





Page Options... Cancel Apply 





3 Modify any of the following fields: 


Configuration File: The WebAccess Application does not have access to Novell eDirectory or 
the GroupWise domain database. Therefore, ConsoleOne writes the application’s configuration 
information to the file specified in this field. By default, this is the webacc . cfg file located 
in the WebAccess Application’s home directory, which varies by platform. 








NetWare novell\webaccess\users on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webaccess/users 


In general, you should avoid changing the location of the file. If you do, you need to make sure 
to modify the webacc.cfg path in the Java servlet engine’s property file or (for example, 
web.xml for Tomcat). If you do not, the WebAccess Application continues to look for its 
configuration information in the old location. 


File Upload Path: When a user attaches a file to an item, the file is uploaded to the directory 
displayed in this field. By uploading the file before the item is sent, less time is required to send 
the item when the user clicks the Send button. After the user sends the item (or cancels it), the 
WebAccess Application deletes the file from the directory. 


Specify the upload directory you want to use. The default path is to the temp directory, located 
in the WebAccess Application’s home directory, which varies by platform. 





NetWare novell\webaccess\users on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webaccess/users 





Logout URL: By default, users who log out of GroupWise WebAccess are returned to the 
login page. If desired, you can enter the URL for a different page. 
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The logout URL can be defined in this location and two additional locations. These locations 
are listed below, in the order that the WebAccess Application checks them. 


¢ Trusted server logout URL (configured on the Security page) 
+ Template-specific logout URL (configured on the Templates page) 
+ General logout URL (configured on the Environment page) 


For example, you define a general logout URL (WebAccess Application object > Environment) 
and a Standard HTML template logout URL (WebAccess Application object > Templates). You 
are not using trusted servers, so you do not set any trusted server logout URLs. When a 
Standard HTML template user logs out of WebAccess, the Standard HTML template logout 
URL is used. However, when a Basic HTML template user logs out, the general logout URL is 
used. 

If none of these locations include a logout URL, the WebAccess Application defaults to the 
standard login page. 


4 Click OK to save the changes. 


54.2.2 Adding or Removing Service Providers 


The WebAccess Application receives requests from users and then passes the requests to the 
appropriate service provider. The service provider fills the requests and returns the required 
information to the WebAccess Application. The WebAccess Application merges the information 
into the appropriate template and displays it to the user. 


To function properly, the WebAccess Application must know which service providers are available. 
WebAccess includes three service providers: 


+ GroupWise service provider (GroupWiseProvider object): Communicates with the 
WebAccess Agent to fill Group Wise requests. 


+ Document service provider (GroupWiseDocumentProvider object): Communicates with 
the WebAccess Agent to fill WebPublisher requests. 


+ LDAP service provider (LDAPProvider object): Communicates with LDAP servers to fill 
LDAP requests, such as LDAP directory searches initiated through the GroupWise Address 
Book. 


The service providers are installed and configured at the same time as the WebAccess Application. 
You can disable a service by removing the corresponding provider. 


If you create new service providers to expose additional services through GroupWise WebAccess, 
you must define those service providers so that the WebAccess Application knows about them. 


To define service providers: 


1 In ConsoleOne, right-click the WebAccess Application object, then click Properties. 
2 Click Application > Services to display the Services page. 


The Provider List displays all service providers that the WebAccess Application is configured 
to use. 
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Properties of GroupWiseWebAccess 
DS Rights ~ | Other | 


Provider List: 





GroupVViseProvider Provo1 .GroupWise 
ILDAPProvider Provo1 .GroupWise 








Page Options... 








3 Choose from the following options: 


Add: To add a service provider to the list, click Add, browse for and select the service 
provider’s object, then click OK. 


Edit: To edit a service provider’s information, select the provider in the list, then click Edit. For 
information about the modifications you can make, see Section 54.5, “Configuring the 
GroupWise Service Provider,” on page 903 and Section 54.6, “Configuring the LDAP Service 
Provider,” on page 905. 


Delete: To remove a service provider from the list, select the provider, then click Delete. 


4 Click OK to save the changes. 


54.2.3 Modifying WebAccess Application Template Settings 


When the WebAccess Application receives information from a service provider, it merges the 
information into the appropriate WebAccess template before displaying the information to the user. 
Using ConsoleOne, you can modify the WebAccess Application’s template settings. The template 
settings determine such things as the location of the templates, the maximum amount of server 
memory to use for caching the templates, and the default template language. 


1 In ConsoleOne, right-click the WebAccess Application object, then click Properties. 
2 Click Application > Templates to display the Templates page. 
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Properties of GroupWiseWebAccess 


Application + | NDS Rights ~ | Other | 
Templates: 


Locations 





Template Path: |\WBD-NVVisys\Tomcat'4 webappsigw web-inficlasses\cominovelliwebaccessttemplates 





Java Package: |com.novell.webaccess templates 





Images URL: lawicomhovellwebaccess images 





Applets URL: {igw 








Help URL: Jgwicommovellwebaccessshelp 


‘Caching 


IV Enable template caching 
Cache Size: 2500 | KBytes 
User Interface 
Default Language: {English hé 
Define User Interfaces 


Page Options... Cancel Apply 








3 Modify any of the following fields: 


Template Path: Select the location of the template base directory. The template base directory 
contains the subdirectories (simple, frames, hdml, and wm1) for each of the templates 
provided with GroupWise WebAccess. If you create your own templates, you need to place the 
templates in a new subdirectory in the template base directory. The default template path varies 
by platform. 





NetWare tomcat_dir\webapps\ROOT\web- 

and inf\classes\com\novell\webaccess\templates. 

Windows: 

Linux: /var/opt/novell/tomcat/webapps/gw/WEB-INF/classes/com/novell/ 





webaccess/templates. 


Java Package: Specify the Java package that contains the template resources used by the 
WebAccess Application. The default package is com. novell.webaccess.templates. 


Images URL: Specify the URL for the GroupWise WebAccess image files. These images are 
merged into the templates along with the GroupWise information. This URL must be relative to 
the Web server’s document root directory. The default relative URL varies by platform. 





NetWare /com/novell/webaccess/images 
and 

Windows: 

Linux: /gw/com/novell/webaccess/images 


Applets URL: In some instances (Address Book and Month Calendar, for example), applets 
can be used instead of the standard templates. Specify the URL for the GroupWise WebAccess 
applets (Address Book, Month Calendar, and so forth). This URL must be relative to the Web 
server’s document root directory. The default relative URL varies by platform. 
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NetWare /com/novell/webaccess/applets 
and 
Windows: 


Linux: /gw/com/novell/webaccess/applets 


Help URL: Specify the URL for the GroupWise WebAccess Help files. This URL must be 
relative to the Web server’s document root directory. The default relative URL varies by 








platform. 

NetWare /com/novell/webaccess/help 
and 

Windows: 

Linux: /gw/com/novell/webaccess/help 


Enable Template Caching: To speed up access to the template files, the WebAccess 
Application can cache the files to the server’s memory. Select this option to turn on template 
caching. 


Cache Size: Select the maximum amount of memory, in kilobytes, that you want to use when 
caching the templates. The default cache size, 2500 KB, is sufficient to cache all templates 
shipped with GroupWise WebAccess. If you modify or add templates, you can turn on Verbose 
logging (WebAccess Application object > Application > Log Settings) to view the size of the 
template files. Using this information, you can then change the cache size appropriately. 


Default Language: If you have more than one language installed, select the language to use 
when displaying the initial GroupWise WebAccess page. If users want the Group Wise 
WebAccess interface (templates) displayed in a different language, they can change it on the 
initial page. 

Define User Interfaces: GroupWise WebAccess supports Web browsers on many different 
devices (for example, computers and wireless telephones). Each device supports specific 
content types such as HTML, HDML, and WML. When returning information to a device’s 
Web browser, the WebAccess Application must merge the information into a set of templates to 
create an interface that supports the content type required by the Web browser. 


GroupWise WebAccess ships with five predefined user interfaces (Standard HTML, Basic 
HTML, Handheld Device Markup Language, Wireless Markup Language, and Web Clipping). 
These interfaces support Web browsers that require HTML, HDML, and WML content types. 
Click the User Interface button to view, add, modify, or delete user interfaces. For more 
information, see Defining WebAccess User Interfaces below. 


4 Click OK to save the changes. 


Defining WebAccess User Interfaces 


1 From the WebAccess Application object’s Templates page, click Define User Interfaces to 
display the Define User Interfaces dialog box. 
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Define User Interfaces 


rowser User Agents | Browser Accept Types | 


Each user interface is generated from the assigned templates and content type. 


User Interface Template Content Type Logout URL 
css extihtml | 
.… hdmi text/x-hdml | 
„wml textand.wap.wml | 
| 
| 











‘simple text/html 
webclip extihtml 

















Default: Standard HTML 








OK Cancel Help 


The dialog box includes three tabs: 


User Interfaces: The User Interfaces tab lets you add, modify, and remove user interfaces, as 
well as determine whether or not GroupWise data added to an interface should be cached on 
proxy servers. Each interface consists of template files that support a specific content type. For 
example, the predefined Standard HTML interface uses frame-based HTML templates, located 
in the frames directory, that support the text/html content type. 


Browser User Agents: The Browser User Agents tab lets you associate a user interface with a 
Web browser. The association is based on the browser’s User Agent information (signature, 
platform, version, and so forth). For example, if a browser’s User Agent information includes 
"Windows CE" (one of the predefined entries), the WebAccess Application uses the Basic 
HTML interface (no-frames interface). 


Browser Accept Types: The Browser Accept Types tab lets you associate a user interface with 
a Web browser. The association is based on the content type the browser accepts. For example, 
if a browser accepts text/html (one of the predefined entries), the WebAccess Application uses 
the Standard HTML interface (frames-based interface). 


To add, remove, or modify user interfaces, click the User Interfaces tab. 


Define User Interfaces 


rowser User Agents | Browser Accept Types | 
Each user interface is generated from the assigned templates and content type. 


User Interface Template Content Type Logout URL 
‘Standard HTML CSS text/html 
Handheld Device Ma... hdmi jtexthc-hdml 

ireless Markup Lan...|wml ext/vnd.wap.wml 
Basic HTML simple text/html 
Neb Clipping . |webelip testihtmi 





























Default: Standard HTML 








The User Interface list displays all available user interfaces. The list includes the following 
information: 


User Interface: This column displays the name assigned to the user interface (for example, 
Standard HTML or Wireless Markup Language). 
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Template: This column displays the directory in which the template files are located. Only the 
directory name is shown. You can append this directory name to the template path shown on 
the Templates page to see the full template directory path. 


Content Type: This column displays the content type required by the templates (for example, 
text/html, text/x-hdml, or text/vnd.wap.wml). 


Logout URL: By default, when a user logs out, he or she is returned to the standard login page. 
When adding or editing the user interface, you can use the logout URL to define a different 
page. If you do so, this column displays the URL. This URL overrides the logout URL 
specified on the WebAccess Application object’s Environment page (see Section 54.2.1, 
“Modifying the WebAccess Application Environment Settings,” on page 879). It is overridden 
by the logout URL specified for a trusted server on the WebAccess Application object’s 
Security page (see Section 54.2.4, “Securing WebAccess Application Sessions,” on page 888). 


Choose from the following options to manage the user interfaces: 
Add: Click Add to add a user interface to the list. 


Edit: Select a user interface in the list, then click Edit to edit the interface’s name, template 
directory, content type, or proxy caching setting. 


Default: Select a user interface in the list, then click Default to make that interface the default 
interface. The WebAccess Application uses the default interface only if it can’t determine the 
appropriate interface based on the browser’s User Agent (WebAccess Application object > 
Browser User Agent) or the browser’s accepted content types (WebAccess Application object > 
Browser Accept Types). 


Delete: Select a user interface in the list, then click Delete to remove the interface. This only 
removes the entry from the list. It does not delete the template files from the template directory. 


3 To associate a user interface with a Web browser based on the browser’s User Agent 
information, click Browser User Agents. 


KS Define User Interfaces 


Browser Accept Types | 


Browsers that identify themselves with these user agent strings will be sent the assigned user interface. 





Browser User Agent User Interface Add... 
“Windows CE* Basic HTML ——— 
*Go Web* Basic HTML 
*AvantGo* Basic HTML 
*Eudora* Basic HTML 
*Elaine* feb Clipping 
*Blazer* Basic HTML 
*NetFront* Basic HTML 
“VWebPro;* Basic HTML 









































OK | Cancel | Help 








The Browser User Agents tab lets you associate a user interface with a Web browser. The 
association is based on the browser’s User Agent information (signature, platform, version, and 
so forth). For example, if a browser’s User Agent information includes Windows CE (one of 
the predefined entries), the WebAccess Application uses the Basic HTML interface (no-frames 
interface). 


If a browser’s User Agent information matches more than one entry in the list, the application 
uses the first entry. If the browser’s User Agent information does not match any entries in the 
list, the WebAccess Application tries to select an interface based on the content types the 
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browser accepts (WebAccess Application object > Browser Accept Types). If no match is made 
based on the Accept Types information, the WebAccess Application uses the default user 
interface listed on the User Interfaces tab. 


Choose from the following options to manage the associations: 
Add: Click Add to add an entry to the list. 
Edit: Select an entry from the list, then click Edit to edit the entry’s information. 


Up: Select an entry from the list, then click Up to move it up in the list. If two entries match the 
information in a browser’s User Agent header, the WebAccess Application uses the interface 
associated with the first entry listed. 


Down: Select an entry from the list, then click Down to move it down in the list. 
Delete: Select an entry from the list, then click Delete to remove the entry. 
To associate a user interface with a Web browser based on the content type that the browser 


accepts, click Browser Accept Types. 


Define User Interfaces 


User Interfaces | Browser User Agents 


The browser will be sent the interface based on the best match for the browser's preferred format. 








Browser Accept Type User Interface 
ext/x-hdml Handheld Device Markup Language 
ext/vnd.wap.wml Wireless Markup Language 


























OK | Cancel | Help 





The Browser Accept Types tab lets you associate a user interface with a Web browser. The 
association is based on the content type the browser accepts. For example, if a browser accepts 
text/html (one of the predefined entries), the WebAccess Application uses the Standard HTML 
interface (frames-based interface). 


Many browsers accept more than one content type (for example, both text/html and text/plain). 
If the list contains more than one acceptable content type, the WebAccess Application uses the 
browser’s preferred content type, which is the type that is listed first in the browser’s Accept 
Type header. 


If no interface can be determined based on the entries in the list, the WebAccess Application 
uses the default user interface listed on the User Interfaces tab. 


Choose from the following options to manage the associations: 

Add: Click Add to add an entry to the list. 

Edit: Select an entry from the list, then click Edit to edit the entry’s information. 
Delete: Select an entry from the list, then click Delete to remove the entry. 


Click OK to save your changes and return to the WebAccess Application object’s Templates 
page. 
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54.2.4 Securing WebAccess Application Sessions 


The WebAccess Application includes several settings to help you ensure that user information is 
secure. You can: 
+ Specify a period of time after which inactive sessions are closed. The default is 20 minutes. 
+ Secure sessions through the use of client IP binding or browser session cookies. 
¢ Disable information caching by proxy servers and Web browsers. 


+ Enable GroupWise authentication through a trusted server. 
To modify the security settings: 


1 In ConsoleOne, right-click the WebAccess Application object, then click Properties. 
2 Click Application > Security to display the Security page. 


Properties of GroupWiseWebAccess 


Application v | NDS Rights + | Other | 
Security 


Timeout 


Timeout for inactive sessions: | 20 4 


Path for inactive sessions: [uyBD-mwisysioveliwebaccessiusers 





Securing Sessions 


IV Use client IP in securing sessions 


User Interface Use Cookies Disable Caching 
‘Standard HTML o [ 
Handheld Device Markup Language | 
reless Markup Language 
Basic HTML 
feb Clipping 























single sign-on 
Trusted Server Logout URL (Optional) Enabled Add 


Page Options... Cancel | Apply | Help | 














3 Modify any ofthe following fields: 


Timeout for Inactive Sessions: When a user logs in, the WebAccess Application opens a 
session with the user. This option lets you specify a period of time after which the WebAccess 
Application closes a session that has become inactive. A session becomes inactive when the 
user does not perform any actions, such as opening a message, that generate calls to the 
WebAccess Application. Having a timeout period not only provides security for user e-mail but 
also ensures that Group Wise WebAccess runs efficiently. 


Select how long the WebAccess Application should wait before ending an inactive session. If 
the user attempts to perform an action after the session has timed out, he or she is prompted to 
log in again. 

Path for Inactive Sessions: Browse for and select the folder where you want the WebAccess 
Application to save information about inactive sessions. This allows the WebAccess 
Application to return the user to the exact state he or she was in when the session timed out. 
Inactive sessions are automatically deleted after a period of time. 


The default path is to the users directory, located in the WebAccess Application’s home 
directory, which varies by platform. 
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NetWare novell\webaccess\users on the Web server 
and 
Windows: 





Linux: /opt/novell/groupwise/webaccess/users 





Use Client IP in Securing Sessions: Select this option if you want the WebAccess Application 
to bind the client IP address to the session. For that session, the WebAccess Application accepts 
requests from the bound IP address only. If you are using a proxy server that masks the client IP 
address, you should use the Use Cookies option instead. 


User Interface/Use Cookies/Disable Caching: You can increase security by using session 
cookies and disabling caching of WebAccess information. Session cookies and caching are 
configurable on a per-user interface (template basis). For example, you could use session 
cookies and disable caching for the Standard HTML interface and not use session cookies or 
disable caching for the Wireless Markup Language interface. 


+ Use Cookies: Select this option if you want the WebAccess Application to use a session 
cookie to secure the user’s session. The session cookie, which is created when the user 
opens the session, ties the session to the browser and ensures that the WebAccess 
Application accepts session requests from that browser only. The session cookie is held in 
memory and exists only as long as the user is logged in. 


By default, session cookies are enabled for all interfaces, with the exception of the Web 
Clippings interface, which does not support session cookies. 


¢ Disable Caching: This option affects both Web browser caching and proxy server 
caching. Because the WebAccess Application sends sensitive mailbox information (such 
as message text and passwords) to users, caching of files by Web browsers and proxy 
servers can pose an information security risk. 


If you select the Disable Caching option, the WebAccess Application includes a disable 
caching request in the header of each file that it sends. By default, Web browsers honor 
this request and does not cache files that include the request. Proxy servers, on the other 
hand, might or might not honor the request, depending on how they are configured. If the 
proxy server honors the request, the file is not cached; if it does not honor the request, the 
file is cached, regardless of this setting. 


Single Sign-On: The WebAccess Application supports authentication to GroupWise using 
Base64 authentication header credentials generated by a trusted server (for example, a Novell 
iChain® Authentication Server). The authentication header generated by the trusted server must 
contain the username and password required to log the user into GroupWise. For this to occur, 
one of the following conditions must be met: 


+ The regular GroupWise username and password must match the credentials passed from 
the trusted server. 


or 


+ The LDAP authentication credentials used by each POA (if LDAP has been enabled) must 
match the credentials passed from the trusted server (Post Office object > GroupWise > 
Security). 


If the credentials passed from the trusted server match the credentials being used by the 
GroupWise system, then the GroupWise WebAccess login page is bypassed and the user has 
immediate access to the requested mailbox. 
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To specify a trusted server whose authentication header credentials are accepted by the 
WebAccess Application, click Add to display the Add Trusted Server Information dialog box, 
then provide the server’s IP address or DNS hostname. For more information about the fields in 
the Add Trusted Server Information dialog box, click the dialog box’s Help button. 


54.2.5 Controlling Availability of WebAccess Features 


By default, WebAccess users can: 


+ Spell check messages 

+ Search LDAP directories 

+ Change their GroupWise mailbox passwords 

+ Use Document Management Services 

+ Open attachments in native format 

+ Open documents in native format 

+ View attachments in HTML format 

+ View documents in HTML format 
All users who log in through a single Web server have the same feature access. You cannot configure 
individual user settings. However, if you have multiple Web servers, you can establish different 


settings for the Web servers by completing the following steps for each server’s WebAccess 
Application. 


To configure the WebAccess Application’s user settings: 


1 In ConsoleOne, right-click the WebAccess Application object, then click Properties. 
2 Click Application > Settings to display the Settings page. 


Properties of GroupWiseWebAccess 


NDS Rights + | Other | 


M Spell check items 

[ Search LDAP directories 

[V Change passwords 

[V Access document management 


[V Open attachments in native format 





[7 Open documents in native format 





Include only files with these extensions: 
Comma separated list of extensions( eg: doc,xis,ppt ) 


M View attachments in HTML format 





[V View documents in HTML format 





Exclude files with these extensions: 


Comma separated list of extensions( eg: x!s,Zip,tar ) 
Maximum file view size (KB): 1024 + 
v 


Customize Settings in XML 
Page Options... Cancel 














3 Configure the following settings: 


890 GroupWise 7 Administration Guide 


Spell Check Items: Enable this option if you want users to be able to use the Novell Speller to 
spell check an item’s text before sending the item. Disable this option to remove all Spell 
Check features from the user interface. 


Search LDAP Directories: Enable this option if you have an LDAP server and you want users 
to be able to search any LDAP address books you have defined. Disable this option to remove 
all LDAP features from the user interface. 


Change Passwords Enable this option if you want users to be able to change their Mailbox 
passwords. Disable this option to remove all Password features from the user interface. 


Access Document Management: Enable this option if you want users to be able to use the 
Document Management features. Disable this option to remove all Document Management 
features from the user interface. 


Open Attachments in Native Format: By default, the Save As option enables users to save 
message attachments to their local drives and then open them in their native applications. You 
can turn on this option to enable the Open option. The Open option enables users to open 
message attachments directly in their native applications without first saving the files to the 
local drive. 


This option requires that 1) each user’s Web browser knows the correct application or plug-in 
to associate with the attachment, according to its file extension or MIME type, and 2) the 
application or plug-in is available to the user. Otherwise, the user are prompted to save the file 
to disk or specify the application to open it. 


This option and the View Attachments in HTML Format option can both be enabled at the 
same time. Doing so gives users both the Open option and the View option, which means they 
have the choice of opening an attachment in its native application or viewing it as HTML. 


Open Documents in Native Format: By default, the Save As option enables user to save 
library documents to their local drives and then open them in their native applications. You can 
turn on this option to enable the Open option. The Open option enables users to open 
documents directly in their native applications without first saving the files to the local drive. 


This option requires that 1) each user’s Web browser knows the correct application or plug-in 
to associate with the document, according to its file extension or MIME type, and 2) the 
application or plug-in is available to the user. Otherwise, the user is prompted to save the file to 
disk or specify the application to open it. 


This option and the View Documents in Native Format option can both be enabled at the same 
time. Doing so gives users both the Open option and the View option, which means they have 
the choice of opening a document in its native application or viewing it as HTML. 


+ Include Only Files With These Extensions: If you want only certain file types to be 
have the Open option, enter the file types in the Jnclude Only Files With These Extensions 
field. Include only the extension and separate each extension with a comma (for example, 
doc, xls, ppt). The Open option is not available for any file types not entered in this field. 
This setting applies when opening either library documents or attachments. 


View Attachments in HTML Format: Enable this option if you want users to be able to view 
any type of attachments in HTML format. Disable this option to require users to save an 
attachment to a local drive and view it in its native application. WebAccess uses Stellent* 
Outside In* HTML Export to convert files to HTML format. 


For a list of the supported file format conversions, download the following document from the 
Stellent Web site: 


Outside In Supported Platforms and File Formats (http://www.stellent.com/stellent3/groups/ 
mkt/documents/nativepage/outside_in_supported_platforms.pdf) 
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This option and the Open Attachments in Native Format option can both be enabled at the same 
time. Doing so gives users both the View option and the Open option, which means they have 
the choice of viewing an attachment as HTML or opening it in its native application. 


View Documents in HTML Format: Enable this option if you want users to be able to view 
library documents in HTML format. Disable this option to require users to save a document to 
a local drive and view it in its native application. WebAccess uses Stellent Outside In HTML 
Export to convert files to HTML format. 


For a list of the supported file format conversions, download the following document from the 
Stellent Web site: 


Outside In Supported Platforms and File Formats (http://www.stellent.com/stellent3/groups/ 
mkt/documents/nativepage/outside_in_supported_platforms.pdf) 


This option and the Open Documents in Native Format option can both be enabled at the same 
time. Doing so gives users both the View option and the Open option, which means they have 
the choice of viewing a document as HTML or opening it in its native application. 


+ Exclude Files With These Extensions: If you want to exclude certain file types from 
having the View option, specify the file types in the Exclude Files With These Extensions 
field. Include only the extension and separate each extension with a comma (for example, 
doc, xls, ppt). The View option is available for any file types not entered in this field. This 
setting applies when viewing either library documents or attachments. 


+ Maximum Document View Size: Specify the maximum size file that can be viewed in 
HTML format. If a file exceeds the maximum size, it must be opened in native format (if 
allowed) rather than viewed in HTML format. The default maximum size is 1024 KB. 
This setting applies when viewing either library documents or attachments. 


4 Click OK. 


54.3 Configuring the Novell Speller Application 


The Novell Speller Application enables users to spell check their messages. The Speller Application 
is installed automatically with the WebAccess Application. 


Figure 54-5 Speller Application 
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During installation, the Speller Application is set up with a default configuration. However, you can 
optimize the Speller Application configuration: 













Web 
Browser |* i 





Document 
Service Provider 


892 GroupWise 7 Administration Guide 


Using ConsoleOne, you can modify the Speller Application’s environment settings. The 
environment settings determine such things as the location where ConsoleOne stores the Speller 
Application’s configuration file. 


To modify the environment settings: 


1 In ConsoleOne, right-click the Speller Application object (NovellSpeller), then click 
Properties. 





NOTE: The Speller Application object is not available in the GroupWise View. To locate the 
Speller Application object, you must use the Console View. 





2 Click Application > Environment to display the Environment page. 


Properties of NovellSpeller 


Application + | NDS Rights ~| Other | 
Environment 





Configuration File: \WBD-NVVisys'Novellwebaccess'spelichk.cfg 








Dictionary Path: \WBD-Nv\isys\Tomcat\4webappsigwweb-inficlasses\com'novellicollexionmorphologyide | 





Maximum Suggestions: 10 = 


Customize Settings in XML 








Page Options... Cancel Apply 





3 Modify any of the following fields: 


Configuration File: The Speller Application does not have access to Novell eDirectory or the 
GroupWise domain database. Therefore, ConsoleOne writes the application’s configuration 
information to the file specified in this field. By default, this is the spellchk.cfg file 
located in the WebAccess Application’s home directory, which varies by platform. 


NetWare novell\webaccess\users on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webaccess/users 





In general, you should avoid changing the location of the file. If you do change the location of 
the file, you need to make sure to modify the spell chk. cfg path in the Java servlet engine’s 
properties file. If you do not, the Speller Application continues to look for its configuration 
information in the old location. 


Dictionary Path: Displays the path to the dictionary files used by the Speller Application. The 
default installation directory varies by platform. 
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NetWare tomcat_dir\webapps\ROOT\web- 


and inf\classes\com\novell\collexion\morphology\data 
Windows: 
Linux: /var/opt/novell/tomcat/webapps/gw/WEB-INF/classes/com/novell/ 





collexion/morphology/data 


Maximum Suggestions: Select the maximum number of suggestions the Speller Application 
returns for misspelled words. The default is 10. 


Customize Settings in XML: Click this button to launch the XML editor. You can use the 
editor to add, modify, or delete settings. 


4 Click OK to save the changes. 


54.4 Configuring the WebPublisher Application 


The WebPublisher Application, which resides on the Web server, provides the WebPublisher user 
interface. As users perform actions in the WebPublisher client, the WebPublisher Application passes 
information between the Web browser and the WebAccess Agent. 


Figure 54-6 WebPublisher Application 
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During installation, the WebPublisher Application is set up with a default configuration. However, 
you can use the information in the following sections to optimize the WebPublisher Application 
configuration: 
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+ Section 54.4.1, “Modifying the WebPublisher Application Environment Settings,” on page 895 
+ Section 54.4.2, “Adding or Removing Service Providers,” on page 896 

+ Section 54.4.3, “Modifying WebPublisher Application Template Settings,” on page 897 

+ Section 54.4.4, “Controlling Availability of WebPublisher Features,” on page 901 
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54.4.1 Modifying the WebPublisher Application Environment 
Settings 
Using ConsoleOne, you can modify the WebPublisher Application’s environment settings. The 


environment settings determine such things as the location where ConsoleOne stores the 
WebPublisher Application’s configuration file. 


To modify the environment settings: 


1 In ConsoleOne, right-click the WebPublisher Application object (GroupWiseWebPublisher), > 
click Properties. 





NOTE: The WebPublisher Application object is not available in the GroupWise View. To 
locate the WebPublisher Application object, you must use the Console View. 





2 Click Application > Environment to display the Environment page. 


Properties of GroupWiseWebPublisher 


Application + | NDS Rights + | Other | 
Environment 





Configuration File: |4J8D-mvisysWovelhwebpublisherwebpub cfg] 





Page Options... Cancel Apply 





3 Modify any of the following fields: 


Configuration File: The WebPublisher Application does not have access to Novell eDirectory 
or the GroupWise domain database. Therefore, ConsoleOne writes the application’s 
configuration information to the file specified in this field. By default, this is the 

webpub. cfg file located in the WebPublisher Application’s home directory, which varies by 


platform. 

NetWare novell\webpublisher on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webpublisher 


In general, you should avoid changing the location of the file. If you do change the location of 
the file, you need to make sure to modify the webpub. cfg path in the Java servlet engine’s 
properties file. If you do not, the WebPublisher Application continues to look for its 
configuration information in the old location. 
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4 Click OK to save the changes. 


54.4.2 Adding or Removing Service Providers 


The WebPublisher Application receives requests from users and then passes the requests to the 
appropriate service provider. The service provider fills the requests and returns the required 
information to the WebPublisher Application. The WebPublisher Application merges the 
information into the appropriate template and displays it to the user. 


To function properly, the WebPublisher Application must know which service providers are 
available. By default, WebPublisher includes one service provider, the GroupWise Document 
service provider (GroupWiseDocumentProvider). The GroupWise Document service provider 
communicates with the WebAccess Agent to fill WebPublisher requests. 


The GroupWise Document service provider is installed and configured at the same time as the 
WebPublisher Application. You can disable the GroupWise Document service by removing the 
Group Wise Document service provider. If you create new service providers to expose additional 
services through GroupWise WebPublisher, you must define those service providers so that the 
WebPublisher Application knows about them. 


To define service providers: 


1 In ConsoleOne, right-click the WebPublisher Application object, then click Properties. 
2 Click Application > Services to display the Services page. 
The Provider List displays all service providers that the WebPublisher Application is 
configured to use. 


Properties of GroupWiseWebPublisher 
IDS Rights v | Other | 


Provider List: 





GroupiseDocumentProvider Provo1 GroupVise 











Page Options... Cancel 





3 Choose from the following options: 


Add: To add a service provider to the list, click Add, browse for and select the service 
provider’s object, then click OK. 


Edit: To edit a service provider’s information, select the provider in the list, then click Edit. For 
information about the modifications you can make, see Chapter 54.7, “Configuring the 
GroupWise Document Service Provider,” on page 907. 
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Delete: To remove a service provider from the list, select the provider, then click Delete. 


4 Click OK to save the changes. 


54.4.3 Modifying WebPublisher Application Template Settings 


When the WebPublisher Application receives information from a service provider, it merges the 
information into the appropriate WebPublisher template before displaying the information to the 
user. Using ConsoleOne, you can modify the WebPublisher Application’s template settings. The 
template settings determine such things as the location of the templates, the maximum amount of 
server memory to use for caching the templates, and the default template language. 


1 In ConsoleOne, right-click the WebPublisher Application object, then click Properties. 
2 Click Application > Templates to display the Templates page. 


Properties of GroupWiseWebPublisher 


Application ~ | nos Rights MI Other | 
Templates 


Locations 





Template Path: (WBRD-NisysiTomcatidwebappsigyw'web-inficlassesicominovelliwebpublisher'itemplates (mi 





Java Package: |com.novell.webpublisher templates 





Images URL: gw/cominovell/webpublisher images 





Applets URL: 








Help URL: Wgw/cominovell/webpublisher help 


Caching 


IV Enable template caching 
Cache Size: 100 KBytes 
User Interface 
Default Language: |English ja 
Define User Interfaces 








Page Options... Cancel Apply 





3 Modify any of the following fields: 


Template Path: Select the location of the template base directory. The template base directory 
contains the subdirectories for each of the templates provided with GroupWise WebAccess. 
Currently, only one template is provided for WebPublisher. This is an HTML template that uses 
frames; the template files are stored in the FRAMES subdirectory. If you create your own 
templates, you need to place the templates in a new subdirectory in the template base directory. 
The default installation directory varies by platform. 


NetWare tomcat dir\webapps\ROOT\web- 

and inf\classes\com\novell\webpublisher\templates 

Windows: 

Linux: /var/opt/tomcat/webapps/gw/WEB-INF/classes/com/novell/ 


webpublisher/templates 


Java Package: Specify the Java package that contains the template resources used by the 
WebPublisher Application. The default package is com.novell.webpublisher.templates. 
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Images URL: Specify the URL for the GroupWise WebPublisher image files. These images 
are merged into the templates along with the GroupWise document information. This URL 
must be relative to the Web server’s document root directory. The default relative URL varies 


by platform. 

NetWare /com/novell/webpublisher/images 
and 

Windows: 

Linux: /gw/com/novell/webpublisher/images 


Applets URL: GroupWise WebPublisher does not include any applets. If you create 
GroupWise WebPublisher applets, you need to specify the URL for the applets. To mirror the 
storage location of the GroupWise WebAccess applets, you can store the applets in a 
com\novell\webpublisher\applets directory under the Web server’s document root directory. 
The applets URL is then relative to the Web server’s document root directory, which varies by 


platform. 

NetWare /com/novell/webpublisher/applets 
and 

Windows: 

Linux: /gw/com/novell/webpublisher/applets 


Help URL: Specify the URL for the GroupWise WebPublisher Help files. This URL must be 
relative to the Web server’s document root directory. The default relative URL varies by 


platform. 

NetWare /com/novell/webpublisher/help 
and 

Windows: 

Linux: /gw/com/novell/webpublisher/help 


Enable Template Caching: To speed up access to the template files, the WebPublisher 
Application can cache the files to the server’s memory. Select this option to turn on template 
caching. 


Cache Size: Select the maximum amount of memory, in kilobytes, you want to use when 
caching the templates. The default cache size, 1024 KB, is sufficient to cache all templates 
shipped with GroupWise WebPublisher. If you modify or add templates, you can turn on 
Verbose logging (WebPublisher Application object > Application > Log Settings to view the 
size of the template files. Using this information, you can then change the cache size 
appropriately. 


Default Language: Select the language to use when displaying the initial Group Wise 
WebPublisher page. If users want the GroupWise WebPublisher interface (templates) displayed 
in a different language, they can change it on the initial page. 


4 Click OK to save the changes. 
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Defining WebPublisher User Interfaces 


1 From the WebPublisher Application object’s Templates page, click Define User Interfaces to 
display the Define User Interfaces dialog box. 


efine User Interfaces 


rowser User Agents | Browser Accept Types: | 


Each user interface is generated from the assigned templates and content type. 





User Interface | Template [ Content Type [ Logout URL 
Standard HTML CSS less Jtextihtmi 











Default: Standard HTML CSS 








OK | Cancel | Help 








The dialog box includes three tabs: 


User Interfaces: The User Interfaces tab lets you add, modify, and remove user interfaces, as 
well as determine whether or not GroupWise data added to an interface should be cached on 
proxy servers. Each interface consists of template files that support a specific content type. For 
example, the predefined Standard HTML interface uses frame-based HTML templates, located 
in the frames directory, that support the text/html content type. 


Browser User Agents: The Browser User Agents tab lets you associate a user interface with a 
Web browser. The association is based on the browser’s User Agent information (signature, 
platform, version, and so forth). 


Browser Accept Types: The Browser Accept Types tab lets you associate a user interface with 
a Web browser. The association is based on the content type the browser accepts. 


2 To add, remove, or modify user interfaces, click the User Interfaces tab. 


Define User Interfaces 


rowser User Agents | Browser Accept Types | 


Each user interface is generated from the assigned templates and content type. 


User Interface Template Content Type Logout URL 


Standard HTML CSS less [text/html | | 











Default: Standard HTML CSS 








OK | Cancel | Help 








The User Interface list displays all available user interfaces. The list includes the following 
information: 


User Interface: This column displays the name assigned to the user interface (for example, 
Standard HTML). 
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Template: This column displays the directory in which the template files are located. Only the 
directory name is shown. You can append this directory name to the template path shown on 
the Templates page to see the full template directory path. 


Content Type: This column displays the content type required by the templates (for example, 
text/html, text/x-hdml, or text/vnd.wap.wml). 


Logout URL: By default, when a user logs out, he or she is returned to the standard login page. 
When adding or editing the user interface, you can use the logout URL to define a different 
page. If you do so, this column displays the URL. This URL overrides the logout URL 
specified on the WebPublisher Application object’s Environment page (see Section 54.3, 
“Configuring the Novell Speller Application,” on page 892). 


Choose from the following options to manage the user interfaces: 
Add: Click Add to add a user interface to the list. 


Edit: Select a user interface in the list, then click Edit to edit the interface’s name, template 
directory, content type, or proxy caching setting. 


Default: Select a user interface in the list, then click Default to make that interface the default 
interface. The WebPublisher Application uses the default interface only if it can’t determine the 
appropriate interface based on the browser’s User Agent (WebAccess Application object > 
Browser User Agent) or the browser’s accepted content types (WebAccess Application object > 
Browser Accept Types). 


Delete: Select a user interface in the list, then click Delete to remove the interface. This only 
removes the entry from the list. It does not delete the template files from the template directory. 


3 To associate a user interface with a Web browser based on the browser’s User Agent 
information, click the Browser User Agents tab. 


Define User Interfaces 


User Interfaces || Browser Accept Types | 


Browsers that identify themselves with these user agent strings will be sent the assigned user interface. 








Browser User Agent | User Interface | Add... 
|- pe! 

















OK | Cancel | Help 





The Browser User Agents tab lets you associate a user interface with a Web browser. The 
association is based on the browser’s User Agent information (signature, platform, version, and 
so forth). For example, if a browser’s User Agent information includes Windows CE and 
you’ve created a specialized Windows CE user interface (templates), you could associate the 
User Agent and user interface so that Windows CE users see your specialized Windows CE 
user interface. 


Ifa browser’s User Agent information matches more than one entry in the list, the application 
uses the first entry. If the browser’s User Agent information does not match any entries in the 
list, the WebPublisher Application tries to select an interface based on the content types the 
browser accepts (WebAccess Application object > Browser Accept Types). If no match is made 
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based on the Accept Types information, the WebPublisher Application uses the default user 
interface listed on the User Interfaces tab. 


Choose from the following options to manage the associations: 
Add: Click Add to add an entry to the list. 
Edit: Select an entry from the list, then click Edit to edit the entry’s information. 


Up: Select an entry from the list, then click Up to move it up in the list. If two entries match the 
information in a browser’s User Agent header, the WebPublisher Application uses the interface 
associated with the first entry listed. 


Down: Select an entry from the list, then click Down to move it down in the list. 
Delete: Select an entry from the list, then click Delete to remove the entry. 
4 To associate a user interface with a Web browser based on the content type that the browser 


accepts, click the Browser Accept Types tab. 


Define User Interfaces 


User Interfaces | Browser User Agents i 


The browser will be sent the interface based on the best match for the browser's preferred format. 











Browser Accept Type User Interface 

















OK | Cancel | Help 








The Browser Accept Types tab lets you associate a user interface with a Web browser. The 
association is based on the content type the browser accepts. 


Many browsers accept more than one content type (for example, both text/html and text/plain). 
If the list contains more than one acceptable content type, the WebPublisher Application uses 
the browser’s preferred content type, which is the type that is listed first in the browser’s 
Accept Type header. 


If no interface can be determined based on the entries in the list, the WebPublisher Application 
uses the default user interface listed on the User Interfaces tab. 


Choose from the following options to manage the associations: 

Add: Click Add to add an entry to the list. 

Edit: Select an entry from the list, then click Edit to edit the entry’s information. 
Delete: Select an entry from the list, then click Delete to remove the entry. 


5 Click OK to save your changes and return to the WebPublisher Application object’s Templates 
page. 


54.4.4 Controlling Availability of WebPublisher Features 


WebPublisher users can: 


+ View documents in HTML format. 
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+ Open documents in native format. 


All users who access WebPublisher through a single Web server have the same feature access. You 
cannot configure individual user settings. However, if you have multiple Web servers, you can 
establish different settings for the Web servers by completing the following steps for each server’s 
WebPublisher Application. 


To configure the WebPublisher Application’s user settings: 


1 In ConsoleOne, right-click the WebAccess Application object, then click Properties. 
2 Click Application > Settings to display the Settings page. 


Properties of GroupWiseWebPublisher 
| NDS Rights + | Other | 


Allow users to 


T Open documents in native format 





Comma separated list of extensions( eg: doc,xis,ppt ) 


FI|]F€X€°'']''““"pC 


Comma separated list of extensions( eg: xis,zip,tar ) 


T View documents in HTML format 





Customize Settings in XML 


Page Options... Cancel Apply 








3 Configure the following settings: 


Open Documents in Native Format: By default, the Save As option enables user to save 
library documents to their local drives and then open them in their native applications. You can 
turn on this option to enable the Open option. The Open option enables users to open 
documents directly in their native applications without first saving the files to the local drive. 


This option requires that 1) each user’s Web browser knows the correct application or plug-in 
to associate with the document, according to its file extension or MIME type, and 2) the 
application or plug-in is available to the user. Otherwise, the user is prompted to save the file to 
disk or specify the application to open it. 


This option and the View Documents in Native Format option can both be enabled at the same 
time. Doing so gives users both the Open option and the View option, which means they have 
the choice of opening a document in its native application or viewing it as HTML. 


+ Include Only Files With These Extensions: If you want only certain file types to be 
have the Open option, specify the file types in the Jnclude Only Files With These 
Extensions field. Include only the extension and separate each extension with a comma 
(for example, doc, xls, ppt). The Open option is not available for any file types not entered 
in this field. 


View Documents in HTML Format: Enable this option if you want users to be able to view 
library documents in HTML format. Disable this option to require users to save a document to 
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a local drive and view it in its native application. WebAccess uses Stellent Outside In HTML 
Export to convert files to HTML format. 


For a list of the supported file format conversions, download the following document from the 
Stellent Web site: 


Outside In Supported Platforms and File Formats (http://www.stellent.com/stellent3/groups/ 
mkt/documents/nativepage/outside_in_supported_platforms.pdf) 


This option and the Open Documents in Native Format option can both be enabled at the same 
time. Doing so gives users both the View option and the Open option, which means they have 
the choice of viewing a document as HTML or opening it in its native application. 


+ Exclude Files With These Extensions: If you want to exclude certain file types from 
having the View option, enter the file types in the Exclude Files With These Extensions 
field. Include only the extension and separate each extension with a comma (for example, 
doc, xls, ppt). The View option is available for any file types not entered in this field. 


+ Maximum Document View Size: Specify the maximum size file that can be viewed in 
HTML format. If a file exceeds the maximum size, it must be opened in native format (if 
allowed) rather than viewed in HTML format. The default maximum size is 1024 KB. 


4 Click OK. 


54.5 Configuring the GroupWise Service 
Provider 


The GroupWise service provider receives GroupWise requests from the WebAccess Application and 
communicates with the WebAccess Agent to fill the requests. 


Figure 54-7 GroupWise Service Provider 
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The Group Wise service provider is installed and configured when you install the WebAccess 
Application to a Web server. The WebAccess installation program creates a Novell eDirectory object 
for the Group Wise service provider in the same context as the WebAccess Application. The object is 
named Group WiseProvider. Using ConsoleOne, you can modify the GroupWiseProvider object to: 











<—>( Post Office 
—C library ) 






Web 
Browser || > 


+ Change how long the service provider waits for the WebAccess Agent to return information for 
a Busy Search. Users can perform Busy Searches when scheduling appointments to ensure that 
the appointment’s recipients are available at the scheduled time. The default timeout interval is 
1 minute. 
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+ Define the WebAccess Agents that the service provider contacts to fill GroupWise requests. If 
your GroupWise system includes more than one WebAccess Agent, you can use this feature to 
provide failover support. 


To modify the GroupWise service provider’s configuration: 


1 In ConsoleOne, right-click the GroupWise service provider object (GroupWiseProvider), then 
click Properties. 





NOTE: The GroupWise service provider object is not available in the GroupWise View. To 
locate the GroupWise service provider object, you must use the Console View. 





2 Click Provider > Environment to display the Environment page. 


Properties of GroupWiseProvider 


Provider NDS Rights v | Other | 
Environment 


Provider 

Type: GroupWise Provider 

Class: com.novell.webaccess providers gwap XGWAP 
ID: GWAP 


Timeout for Busy Search: 


GroupWise WebAccess Agent Information 








Configuration File: \WJBD-NVVisys'Novellwebaccess\commgr.ctg 





GroupWise WebAccess Agents: BAC?OA Provo GroupWise 


Customize Settings in XML 


Page Options... Cancel Apply 








3 Choose from the following options: 


Timeout for Busy Search: Select how long you want the GroupWise service provider to wait 
for the WebAccess Agent to return information when a user performs a Busy Search. 


Configuration File: The WebAccess Agent’s configuration file (commgr.cfg) contains the 
agent’s IP address and the encryption key required by the GroupWise service provider to 
communicate with the WebAccess Agent. By default, the commgr. cfg file is stored in the 
WebAccess Application’s home directory, which varies by platform. 





NetWare novell\webaccess\users on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webaccess/users 





In general, you should not need to change this setting. However, if you have multiple 
WebAccess Agents in your GroupWise system and you are optimizing WebAccess to provide 
greater scalability and availability, you might need to change the setting. For information, see 
Section 53.3, “Configuring Redirection and Failover Support,” on page 860. 
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GroupWise WebAccess Agents: This list displays the WebAccess Agents the GroupWise 
service provider can communicate with when attempting to complete a request. If the first one 
listed is unavailable, the GroupWise service provider attempts to use the second, third, fourth, 
and so on until it is successful. This provides failover support and ensures greater availability 
for your WebAccess users. For more information about optimizing availability, see 

Section 53.3, “Configuring Redirection and Failover Support,” on page 860. 


The list must include at least one WebAccess Agent. 
Choose from the following options to manage the WebAccess Agents: 


+ Add: Click Add to browse for and select the WebAccess Agent object, then click OK to 
add it to the list. 


+ Edit: Selecta WebAccess Agent in the list, then click Edit to edit the WebAccess Agent’s 
object properties. 


+ Up: Select a WebAccess Agent from the list, then click Up to move it up in the list. 


+ Down: Select a WebAccess Agent from the list, then click Down to move it down in the 
list. 


+ Delete: Select a WebAccess Agent in the list, then click Delete to remove it from the list. 


Customize Settings in XML: Click this button to launch the XML editor. You can use the 
editor to add, modify, or delete GroupWise service provider settings. 


4 Click OK to save the changes. 


54.6 Configuring the LDAP Service Provider 


The LDAP service provider is installed and configured when you install the WebAccess Application 
to a Web server. The LDAP service provider receives LDAP directory requests from the WebAccess 
Application and communicates with LDAP services to fill the requests. 


Figure 54-8 LDAP Service Provider 
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The GroupWise WebAccess installation program creates a Novell eDirectory object for the LDAP 
service provider in the same context as the WebAccess Application. The object is named 
LDAPProvider. Using ConsoleOne®, you can modify the LDAPProvider object to define the LDAP 
services that the service provider can contact. 


To modify the LDAP service provider’s configuration: 
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1 In ConsoleOne, right-click the LDAP service provider object (LDAPProvider), then click 
Properties. 





NOTE: The LDAP service provider object is not available in the GroupWise View. To locate 
the LDAP service provider object, you must use the Console View. 





2 Click Provider > Environment to display the Environment page. 


Properties of LDAPProvider 


Provider | NOS Rights ~ | Other | 
Environment 


Provider 

Type: LDAP Provider 

Class: com.novell.webaccess providers Idap.LDAPProvider 
ID: LDAP 





Configuration File: |WJBD-NV\isys\Novellwebaccessiidap.ctg 





LDAP Servers: — |BigFoot 
‘SwitchBoard Directory 





Customize Settings in XML 





Page Options... Cancel Apply 





3 Choose from the following options: 


Configuration File: The LDAP service provider’s configuration file (Ldap . cfg) contains 
the information for the LDAP services defined in the LDAP servers list. Because the LDAP 
service provider cannot access eDirectory or the GroupWise databases for this information, 

ConsoleOne writes the information to the ldap. cfg file. 


By default, the ldap. cfg file is stored in the WebAccess Application’s home directory, 
which varies by platform. 





NetWare novell\webaccess\users on the Web server 
and 

Windows: 

Linux: lopt/novell/groupwise/webaccess/users 





You should avoid changing the location of the file. If you do change the location of the file, you 
need to make sure to modify the ldap. cfg path in the Java servlet engine’s properties file. If 
you do not, the LDAP service provider continues to look for its configuration information in 
the old location. 


LDAP Servers: This list displays the LDAP services the LDAP service provider can 
communicate with. The GroupWise WebAccess Address Book lists all LDAP services shown 
in the list. 
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Choose from the following options to manage LDAP servers: 


+ Add: Click Add to display the Add LDAP Server dialog box, fill in the required 
information, then click OK to add the LDAP service to the list. For information about each 
of the LDAP server information fields, click Help in the Add LDAP Server dialog box. 


+ Edit: Select an LDAP service in the list, then click Edit to edit the LDAP service’s 
information. 


+ Delete: Select an LDAP service in the list, then click Delete to remove the LDAP service 
from the list. 


Customize Settings in XML: Click this button to launch the XML editor. You can use the 
editor to add, modify, or delete LDAP service provider settings. 


4 Click OK to save the changes. 


54.7 Configuring the GroupWise Document 
Service Provider 


The GroupWise Document service provider is installed and configured when you install the 
WebPublisher Application to a Web server. The GroupWise Document service provider receives 
Group Wise document requests from the WebPublisher Application and communicates with the 
WebAccess Agent to fill the requests. 


Figure 54-9 Document Service Provider 


Speller LDAP 
Application Server 
WebAccess LDAP Provider 

asi 


GroupWise Provider i 
Web TTL TT Webaccess <«—»( Post Office 
Server 


Agent E 
WebPublisher (TM £ sad 
Application Service Provider | 
Viewer 
Agent 


The WebAccess installation program creates a Novell eDirectory object for the GroupWise 
Document service provider in the same context as the WebPublisher Application. The object is 
named Group WiseDocumentProvider. Using ConsoleOne, you can modify the 

Group WiseDocumentProvider object to define the WebAccess Agents that the service provider 
contacts to fill GroupWise document requests. If your GroupWise system includes more than one 
WebAccess Agent, you can use this feature to provide failover support. 
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To modify the GroupWise Document service provider’s configuration: 


1 In ConsoleOne, right-click the GroupWise Document service provider object 
(GroupWiseDocumentProvider), then click Properties. 
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NOTE: The GroupWise Document service provider object is not available in the GroupWise 
View. To locate the GroupWise Document service provider object, you must use the Console 
View. 





2 Click Provider > Environment to display the Environment page. 


Properties of GroupWiseDocumentProvider 


Provider NDS Rights ~ | Other | 
Environment 


Provider 

Type: GroupWWise Document Provider 

Class: com.novell.webpublisher providers.gwdoc.G\DocProvicder 
ID: GWDOC 


GroupWise WebAccess Agent Information 





Configuration File: \WIBD-NVVisys'Novellwvebpublishertcommar.cfg 





GroupWise WebAccess Agents: IVEBAC70A Provol GroupWise 


Customize Settings in XML 


Page Options... Cancel Apply 








3 Choose from the following options: 


Configuration File: The WebAccess Agent’s configuration file (commgr.cfg) contains the 
agent’s IP address and the encryption key required by the GroupWise Document service 
provider to communicate with the WebAccess Agent. By default, the commgr .cfg file is 
stored in the WebPublisher Application’s home directory, which varies by platform. 


NetWare novell\webpublisher on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webpublisher 


In general, you should not need to change this setting. However, if you have multiple 
WebAccess Agents in your GroupWise system and you are optimizing WebPublisher to 
provide greater scalability and availability, you might need to change the setting. For 
information, see Section 53.3, “Configuring Redirection and Failover Support,” on page 860. 


GroupWise WebAccess Agents: This list displays the WebAccess Agents the GroupWise 
Document service provider can communicate with when attempting to complete a request. If 
the first one listed is unavailable, the GroupWise Document service provider attempts to use 
the second, third, fourth, and so on until it is successful. This provides failover support and 
ensures greater availability for your WebPublisher users. For more information about 
optimizing availability, see Section 53.3, “Configuring Redirection and Failover Support,” on 
page 860. 


The list must include at least one WebAccess Agent. 
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Choose from the following options to manage the WebAccess Agents: 
+ Add: Click Add to browse for and select the WebAccess Agent object, then click OK to 
add it to the list. 
+ Edit: Select a WebAccess Agent in the list, then click Edit to edit the WebAccess Agent’s 
object properties. 
+ Up: Select a WebAccess Agent from the list, then click Up to move it up in the list. 
+ Down: Select a WebAccess Agent from the list, then click Down to move it down in the 
list. 
+ Delete: Select a WebAccess Agent in the list, then click Delete to remove it from the list. 
Customize Settings in XML: Click this button to launch the XML editor. You can use the 
editor to add, modify, or delete GroupWise Document service provider settings. 


4 Click OK to save the changes. 


54.8 Configuring the Document Viewer Agent 


The documents that users attach to e-mail messages are as varied as the combinations of document 
formats, tools, and users throughout the world. In order to display documents in your Web browser, 
WebAccess must convert them to HTML. Because some documents contain unexpected data, 
WebAccess cannot convert them. In earlier versions of GroupWise, the WebAccess Agent 
sometimes shut down when it could not convert a document. This occurrence then interrupted the 
activities of all WebAccess users. 


The Document Viewer Agent isolates the document conversion task from the WebAccess Agent. 
The Viewer Agent can simultaneously convert multiple documents into HTML format. If it 
encounters a problem converting a document, the problem does not affect conversion of other 
documents, nor does it affect the functioning of the WebAccess Agent. Therefore, WebAccess users 
do not experience interruptions because of documents that fail to convert into HTML. 


Figure 54-10 Viewer Agent 
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The Viewer Agent is automatically installed along with the WebAccess Agent, and the WebAccess 
Agent manages the Viewer Agent, starting and stopping it as needed. The default configuration of 
the Viewer Agent is sufficient to provide basic document conversion functionality. The Viewer 
Agent is configured by editing its startup file (gwdva . dva). The default location for the startup 
files varies by platform. 
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NetWare: sys:\system 
Linux: /opt/novell/groupwise/agents/share 


Windows: c:\webacc 


In the Viewer Agent startup file, you can configure the following aspects of Viewer Agent 
functioning: 

+ Section 54.8.1, “Viewer Agent Web Console,” on page 910 

+ Section 54.8.2, “Document Conversion,” on page 910 

+ Section 54.8.3, “Document Quarantine,” on page 911 

+ Section 54.8.4, “Document Cache,” on page 911 

+ Section 54.8.5, “Agent Performance,” on page 912 

+ Section 54.8.6, “Agent Log Files,” on page 912 

+ Section 54.8.7, “Client/Server Configuration,” on page 912 


54.8.1 Viewer Agent Web Console 


As with the other Group Wise agents, you can view configuration and status information about the 
Viewer Agent in your Web browser. To enable the Viewer Agent Web console, enable the /http 
startup switch in the Viewer Agent startup file. The default port number is 7439. By default, anyone 
who knows the server IP address and port number can access the Viewer Agent Web console, but 
you can configure the Viewer Agent to prompt for a username and password if desired. 


The following switches configure the Viewer Agent Web console. 


+ /http 

+ /httpport 
+ /httpuser 
+ /httppw 


After enabling the /http switch and restarting the WebAccess Agent, use the following URL to 
display the Viewer Agent Web console: 


http://server_address:7439 


For more information, see Section 56.3, “Monitoring the Document Viewer Agent,” on page 935 


54.8.2 Document Conversion 


The Viewer Agent creates a working directory named gwdva . dir under the directory where the 
Viewer Agent program is installed. Under this directory, it uses the temp subdirectory for temporary 
files created during file conversion. By default, if the Viewer Agent cannot determine the language 
of a file it is trying to convert, it uses the ISO language code en for English. 


The following switches configure the document conversion functionality of the Viewer Agent: 


+ /temp 
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+ /lang 


After editing the Viewer Agent startup file, stop and restart the WebAccess Agent to put the new 
settings into effect. 


54.8.3 Document Quarantine 


You can configure the Viewer Agent to quarantine documents that cannot be converted to HTML so 
that they can be examined manually if necessary. To enable the file quarantine feature, uncomment 
the /hold startup switch in the Viewer Agent startup file. Documents that fail HTML conversion are 
then placed in the hold subdirectory of the Viewer Agent working directory (gwdva. dir). 


You can configure the Viewer Agent to notify an administrator whenever a document is placed in 
quarantine. You can also control the maximum amount of disk space that the document quarantine is 
allowed to occupy. 


The following switches configure the document quarantine functionality of the Viewer Agent: 


+ /hold 
+ /maxhold 
+ /email 
+ /domain 
+ /relay 


After editing the Viewer Agent startup file, stop and restart the WebAccess Agent to put the new 
settings into effect. 


54.8.4 Document Cache 


You can configure the Viewer Agent to cache documents that have already been converted to 
HTML. This speeds up document display when the same document is viewed multiple times and by 
multiple users. To enable document caching, enable the /cache startup switch in the Viewer Agent 
startup file. This creates a cache subdirectory under the Viewer Agent working directory 
(gwdva. dir). Under the cache subdirectory, converted GroupWise library documents are stored in 
a library cache subdirectory (000) and converted document attachments are stored in a transient 
cache subdirectory (tran). If the Viewer Agent encounters a problem converting a document, it 
adds the document to its list of problem documents in the problem directory, so that it does not 
repeatedly try to convert the same problem documents. 


You can control the maximum amount of disk space that the document cache is allowed to occupy. 
You can also control the maximum amount of time documents remain cached. 


The following switches configure the document cache functionality of the Viewer Agent: 


+ /cache 

* /maxcache 

+ /maxtrancache 
* /maxtrantime 


+ /maxprobtime 
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After editing the Viewer Agent startup file, stop and restart the WebAccess Agent to put the new 
settings into effect. 


54.8.5 Agent Performance 


By default, the Viewer starts 5 worker threads and adds additional threads as needed until reaching 
15 threads. If users experience unacceptable delays when trying to view documents, you can 
increase the number of worker threads so that documents can be processed more quickly. 


By default, the Viewer Agent has limits on the amount of time it can spend converting a single 
document and on how large a converted document can become. If the documents that users receive 
exceed these limits, you can increase them. 


On NetWare, you can run each worker thread in its own namespace so that a failure of one worker 
thread does not affect other worker threads. 


The following switches configure the performance of the Viewer Agent: 


+ /minworkers 

+ /maxworkers 

* /maxtime 

+ /maxsize 

+ /addrspacename 


After editing the Viewer Agent startup file, stop and restart the WebAccess Agent to put the new 
settings into effect. 


54.8.6 Agent Log Files 


As with the other GroupWise agents, the Viewer Agent creates log files that include error messages 
and other information about Viewer Agent functioning. Log files can provide a wealth of 
information for resolving problems with the Viewer Agent. 


The following switches configure the logging performed by the Viewer Agent: 


+ /log 

+ /loglevel 
+ /logdays 
+ /logmax 


After editing the Viewer Agent startup file, stop and restart the WebAccess Agent to put the new 
settings into effect. 


54.8.7 Client/Server Configuration 


The Viewer Agent communicates with the WebAccess Agent by way of TCP/IP. By default, the 
Viewer Agent uses the first IP address it finds on the server and listens on port 7440. Worker threads 
are assigned port numbers ascending above the main port number. For example, the 5 default worker 
threads would be assigned ports 7441 through 7445. 
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The following switches configure TCP/IP for the Viewer Agent: 
+ lip 
+ /port 


After editing the Viewer Agent startup file, stop and restart the WebAccess Agent to put the new 
settings into effect. 


54.9 Enabling Web Server Data Compression 


By enabling data compression on your Web server, you can increase performance for all WebAccess 
users. However, because this is a change to the configuration of your Web server, it affects all 
programs that interact with the Web server. A side effect of enabling data compression might be a 
decline in Web server scalability. 


+ Section 54.9.1, “Apache 2 on NetWare 6.5,” on page 913 

+ Section 54.9.2, “Apache 2 on Open Enterprise Server (OES) Linux,” on page 914 

+ Section 54.9.3, “Apache 2 on SUSE Linux Enterprise Server 9,” on page 914 

+ Section 54.9.4, “Microsoft Internet Information Server (IIS) on Windows 2003,” on page 914 


54.9.1 Apache 2 on NetWare 6.5 


1 Download Apache 2.0/2.2 for NetWare (http://mirrors.combose.com/apache/httpd/binaries/ 
netware/) from the Apache Software Foundation (http://www.apache.org/). 


2 Extract deflate.nlm from the distribution and copy it to the sys: \apache2\modules 
directory. 


3 Change to the sys : \apache2\conf directory and open the httpd. conf file in a text 
editor. 


4 Locate the LoadModule entries in the file. 


5 Addthe following entry: 
LoadModule deflate module modules/deflate.nlm 

<IfModule mod deflate.c> 

AddOutputFilterByType DEFLATE text/html text/plain text/xml 

DeflateFilterNote Input instream 

DeflateFilterNote Output outstream 

DeflateFilterNote Ratio ratio 

LogFormat 'S{ratio}n%%\t%{outstream}n\t%{instream}n\t"sr"' 
deflate 

CustomLog "|sys:/apache2/bin/rotlogs.nlm sys:/apache2/logs/ 
deflate log 5M" deflate 





























</IfModule> 





NOTE: Lines that appear wrapped in the above example should be entered in the 
httpd.conf file as single lines without line wrapping. 





6 Save the httpd. conf file and exit the text editor. 
7 Restart Apache. 
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54.9.2 Apache 2 on Open Enterprise Server (OES) Linux 


1 As root, change to the /etc/opt/novell/httpd/conf directory and open the 
httpd.conf file. 


2 Locate the LoadModule entries in the file. 


o 


Add the following entry: 


LoadModule deflate module modules/mod deflate.so 
<IfModule mod deflate.c> 
AddOutputFilterByType DEFLATE text/html text/plain text/xml 
DeflateFilterNote Input instream 
DeflateFilterNote Output outstream 
DeflateFilterNote Ratio ratio 
LogFormat 'S{ratio}n%%\t%{outstream}n\tS{instream}n\t"sr"'! 
deflate 
CustomLog logs/deflate log deflate 
</IfModule> 





























NOTE: Lines that appear wrapped in the above example should be entered in the 
httpd.conf file as single lines without line wrapping. 





4 Save the httpd.conf file and exit the text editor. 
5 Restart Apache. 
For more information about data compression on Apache, see Apache Module mod deflate (http:// 


httpd.apache.org/docs/2.0/mod/mod deflate.html) on the Apache Software Foundation (http:// 
www.apache.org/) Web site. 


54.9.3 Apache 2 on SUSE Linux Enterprise Server 9 


The steps for Apache 2 on SUSE Linux Enterprise Server 9 are essentially the same as those for 
Novell Open Enterprise Server, as described in Section 54.9.2, “Apache 2 on Open Enterprise 
Server (OES) Linux,” on page 914, except that you need to know the location of the httpd.conf 
file in your Apache installation. 


54.9.4 Microsoft Internet Information Server (IIS) on Windows 
2003 


1 Open IIS Manager. 

2 Right-click Web Sites, then click Properties. 

3 Select Compress Application Files and Compress Static Files. 

4 Click OK to save the compression settings. 

5 Restart IIS. 
For more information about data compression on IIS, see Using HTTP Compression for Faster 
Downloads (http://www. microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IS/ 


25d2170b-09c0-45fd-8da4-898cf9a7d568.mspx) on Microsoft TechNet (http:// 
technet.microsoft.com/default.aspx). 
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Managing User Access 


You can manage various aspects of user experience with the WebAccess client. 


+ Section 55.1, “Controlling User Access to Mailboxes,” on page 915 
+ Section 55.2, “Setting the Timeout Interval for Inactive Sessions,” on page 920 
+ Section 55.3, “Configuring User Access to WebAccess Features,” on page 921 
+ Section 55.4, “Customizing the WebAccess Interface,” on page 924 


55.1 Controlling User Access to Mailboxes 


You control which users have access to their mailboxes by creating classes of service and assigning 
users membership in a class. For example, if you don’t want users on a particular post office to have 
access to their mailboxes through WebAccess, you can create a class of service that prevents access 
and then assign the entire post office membership in that class. 


The following sections provide information to help you create and manage classes of service: 


+ Section 55.1.1, “Class Membership,” on page 915 

+ Section 55.1.2, “Creating a Class of Service,” on page 916 

+ Section 55.1.3, “Adding Users to a Class of Service,” on page 918 
+ Section 55.1.4, “Maintaining the Access Database,” on page 918 


55.1.1 Class Membership 


When you create a class of service, you assign membership in the class at a domain level, post office 
level, distribution list (group) level, or individual user level, which means that a user could be 
assigned membership in multiple classes. For example, a user might be a member in one class 
because his or her domain is a member; at the same time, the user is a member in another class 
because his or her post office is a member of that class. Because each user can have only one class of 
service, membership conflicts are resolved hierarchically, as shown below: 


Membership assigned to a 


user through a... Overrides membership assigned to the user through the... 


domain + default class of service 

post office + default class of service 
* domain 

distribution list + default class of service 
* domain 
+ post office 

user + default class of service 


+ domain 


+ post office 
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If a user’s membership in two classes of service is based upon the same level of membership (for 
example, both through individual user membership), the class that applies is the one that allows the 
most privileges. For example, if the user belongs to one class of service that allows access to 
WebAccess and another class that prevents access, the class that allows access applies to the user. 


55.1.2 Creating a Class of Service 


1 In ConsoleOne®, right-click the WebAccess Agent object, then click Properties. 
2 Click Access Control > Settings to display the Access Control Settings page. 


Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control + | Reattach | Post Office Links | GroupWise + | NDS Rights + | ot! 
| Settings 


Class of Service: 


: Default Class of Service 


Memberships: 


Member ID Post Office 


Page Options... OK | Cancel | Apply | 








3 Click Create to display the Create New Class of Service dialog box. 


Create New Class of Service (x) 
Name: 


Enter the name of the new class of service above. Ifthe boxes below Cancel 
are checked, you will be prompted to edit the details ofthe class of 


service. Help. 


IV Edit access settings 


IV Select membership 





4 Type a name for the class, then click OK to display the Edit Class of Service dialog box. 


Edit Class of Service 


WebAccess Defaults 


C Allow access 





© Prevent access 


Access will be decided based on the 
settings in the Default Class of Service or 
through membership in another Class of 
Service. 





5 Select one ofthe following options: 
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Inherit Access: Select this option if you want members of this class of service to inherit their 
access from the default class of service or another class of service that they have membership 


1n. 


Allow Access: Select this option to enable members of the class to use WebAccess. 


If you select Allow Access, you must also set a timeout interval. The timeout interval 
determines how long the WebAccess Agent keeps open a dedicated connection to the post 
office on behalf of the user. If the agent does not receive a user request within the specified 
interval, it closes the user’s connection to the post office in order to free up its resources and the 
Post Office Agent’s resources for other uses. 


When the WebAccess Agent closes a user’s connection to the post office, the user is not logged 
out of WebAccess. The user can continue to use WebAccess. As soon as the agent receives a 
request from the user, it opens the user’s connection again. In general, you should leave the 
timeout interval set to the default 20 minutes. 


You can also have users automatically logged out of WebAccess after a specified period of 
activity. WebAccess logout is handled by the WebAccess Application running on the Web 
server, not by the WebAccess Agent. For information, see Section 55.2, “Setting the Timeout 
Interval for Inactive Sessions,” on page 920. 


Prevent Access: Select this option to prevent members of the class from using WebAccess. 
6 Click OK to display the Select GroupWise Object dialog box. 
7 Select Domains, Post Offices, Distribution Lists, or Users to display the list you want. 


8 In the list, select the domain, post office, distribution list, or user you want, then click Add to 
add the object as a member in the class. You can Ctrl+click or Shift+click to select multiple 


users. 


Select GroupWise Object 


Fitter: 








ObjectiD | Domain 


FT 


| Post Office I First Name Last Name cancer | 





adharmapalan Provo3 
Provo2 
Provo1 
Provo3 
Provo3 
Provo3 
Provo3 
Provo1 
Provo1 
Provo3 
Provo1 
Provo1 
Provo2 
Provo3 
Provo1 


Marketing 
Sales 
Development 
Marketing 
Marketing 
Marketing 
Marketing 
Development 
Development 
Marketing 
Legal 
Development 
Sales 
Marketing 
Development 


Charles 
Flavian 
Fred 
Grace 
Heather 
Janet 
James 
John 
Jason 
Ishmael 
Matt 


Dharmapalan 
Ramirez 
Skoczylas 
Gensomino 
Botton 
Haughey 
Thompson 
Smith 
Sarmiento 
DeSoto 
Mallory 
Pangilinan 
Stevens 
Yacoub 
Barnard 


| Fa] 
Help 


© Domains 

© Post Offices 

© Distribution Lists 
E @ Users 





9 To add additional domains, post offices, distribution lists or users as members of the class of 
service, select the class of server, then click Add to display the Select Group Wise Object dialog 


box. 


10 Click OK (on the Settings page) when finished adding members. 
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55.1.3 Adding Users to a Class of Service 


The following steps help you add users to an existing class of service. For information about adding 
new classes of service, see Section 55.1.2, “Creating a Class of Service,” on page 916. 
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click Access Control > Settings to display the Access Control Settings page. 
Properties of WEBAC70A 
WebAccess | WebPublisher | Access Control v | Reattach Post Office Links | GroupWise + | NDS Rights vl oti 
| Settings | 


Class of Service: 





Default Class of Service 


Marketing 


Memberships: 








Member ID Post Office Domain 
jadharmapalan Marketing Provo3 
bgelsomino Marketing Provo3 
cholton Marketing Provo3 
fhaughey Marketing Provo3 





‘thompson Marketing Provo3 
jdesoto Marketing Provo3 
jyacoub Marketing Provo3 
Imlamaroux Marketing Provo3 
rsteadman Marketing Provo3 
ladharmapalan Marketing Provo3 


Iinalonmine Marbatines Draun? 


Page Options... OK | Cancel | Apply | Help | 











3 In the Class of Service list, select the class you want to add members to, then click Add to 
display the Select GroupWise Object dialog box. 


4 Select Domains, Post Offices, Distribution Lists, or Users to display the list you want. 


5 In the list, select the domain, post office, distribution list, or user you want, then click Add to 
add the object as a member in the class. 


6 Repeat Step 3 through Step 5 for each object you want to add. 


55.1.4 Maintaining the Access Database 


The Access database stores the information for the classes of service you have set up to control user 
access to Group Wise? WebAccess. When problems occur, you can validate the database to check 
for physical inconsistencies with the database records and indexes. Ifinconsistencies are found, you 
can recover the database. 


The Access database, gwac . db, is located in the domain\wpgate\webac 70a directory. 
This section includes the following information: 


+ “Validating the Access Database” on page 919 


+ “Recovering the Access Database” on page 919 
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Validating the Access Database 


Validating the Access database checks for physical inconsistencies with the database’s records and 
indexes. 

1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 

2 Click Access Control > Database Management to display the Database Management page. 


Properties of WEBAC70A 


WebAccess | WebPublisher Reattach | Past Office Links | GroupWise + | NDS Rights v | { 


Validate Database 
Validate checks for physical consistency. If problems are found, you should perform a Recover. 


Validate Now... 


Recover Database 


Recover can be performed even when the database is in use. Any database inconsistencies will be corrected, but may 
result in loss of information. 


Recover Now... 





Page Options... Cancel 





3 Click Validate Now. 
4 After the database has been validated, click OK. 


If inconsistencies are found, see “Recovering the Access Database” on page 919. 


Recovering the Access Database 


When you recover the Access database, a new database is created and all salvageable records are 
copied to the new database. Because some records might not be salvageable, after the recovery you 
should check the classes of services you have defined to see if any information was lost. 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click Access Control > Database Management to display the Database Management page. 
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Properties of WEBAC70A 
WebAccess | WebPublisher | Access Control Reattach | Post Office Links | GroupWise + | NDS Rights + | { 


| Database Managemet 


Validate Database: 
Validate checks for physical consistency. If problems are found, you should perform a Recover. 


Validate Nowy... 


Recover Database 
Recover can be performed even when the database is in use. Any database inconsistencies will be corrected, but may 
result in loss of information. 


Recover Now... 





Page Options... 





3 Click Recover Now. 
4 After the database has been recovered, click OK. 


55.2 Setting the Timeout Interval for Inactive 
Sessions 


By default, users are logged out of GroupWise WebAccess after 20 minutes if they have not 
performed any actions that generate requests. Actions such as opening or sending a message 
generate requests. Other actions, such as scrolling through the Item List, composing a mail message 
without sending it, and reading Help topics, do not generate requests. 


The timeout interval provides security for WebAccess users who forget to log out. It also helps the 
performance of the Web server by freeing the resources dedicated to that user’s connection. 


The WebAccess Application on the Web server controls the timeout. At the time the user is logged 
out, the WebAccess Application saves the user’s current session to a directory on the Web server, 
where it is stored for 24 hours. If the logged-out user attempts to continue the session, he or she is 
prompted to log in again, after which the WebAccess Application renews the session. For example, 
suppose a user is composing a message when the timeout interval expires and then attempts to send 
the message. The user is prompted to log in again, after which the message is sent. No information is 
lost. 





IMPORTANT: This timeout interval is different than the one you can establish when creating a 
class of service (see Section 55.1.2, “Creating a Class of Service,” on page 916). That timeout 
interval determines how long the WebAccess Agent keeps open a session with an inactive user, and 
this timeout interval determines how long the WebAccess Application maintains an inactive session. 
In general, if the WebAccess Agent session times out, users do not notice; the next time they make a 
request, the WebAccess Agent opens a new session. However, if the WebAccess Application session 
times out, users are prompted to log in again. 





To modify the timeout interval: 
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1 In ConsoleOne, right-click the WebAccess Application object, click Properties, then click 
Application > Security to display the Security page. 


Properties of GroupWiseWebAccess 
Application + | NDS Rights + | Other | 
Security 


Timeout 


Timeout for inactive sessions: | 20 4 


Path for inactive sessions: |, BD-NvVisystNovelliwebaccess\users 





Securing Sessions 


IV Use client IP in securing sessions 


User Interface Use Cookies Disable Caching 
Standard HTML — | a 
Handheld Device Markup Language 
Wireless Markup Language 
Basic HTML 
feb Clipping 



































single sign-on 


Trusted Server Logout URL (Optional) Enabled Add 








Page Options... Cancel | Apply | Help | 








2 Inthe Timeout for Inactive Sessions box, select the number of minutes for the timeout interval. 


3 In the Path for Inactive Sessions box, select the path for the directory where you want inactive 
sessions stored. 


4 Click OK. 
The timeout interval applies to all users who log in through the Web server where the WebAccess 
Application is running. You cannot set individual user timeout intervals. However, if you have 


multiple Web servers, you can set different timeout intervals for the Web servers by completing the 
above steps for each server’s WebAccess Application. 


55.3 Configuring User Access to WebAccess 
Features 


By default, WebAccess users can: 


+ Spell check messages 

+ Search LDAP directories 

+ Change their GroupWise mailbox passwords 
+ Use Document Management Services 

+ Open attachments in native format 

+ Open documents in native format 

+ View attachments in HTML format 

+ View documents in HTML format 


Access to these features is controlled by the WebAccess Application on the Web server. All users 
who log in through the Web server have the same feature access. You cannot configure individual 
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user settings. However, if you have multiple Web servers, you can establish different settings for the 
Web servers by completing the following steps for each server’s WebAccess Application. 


To configure the WebAccess feature settings: 


1 In ConsoleOne, right-click the WebAccess Application object, then click Properties. 
2 Click Application > Settings to display the Application Settings page. 


Properties of GroupWiseWebAccess 


NDS Rights + | Other | 


[V Spell check items 

[ Search LDAP directories 

[V Change passwords 

[V Access document management 

[V Open attachments in native format 


[ Open documents in native format 





Include only files with these extensions: 
Comma separated list of extensions( eg: doc,xis,ppt ) 


IV View attachments in HTML format 





[V View documents in HTML format 





Exclude files with these extensions: 


Comma separated list of extensions( eg: x!s,Zip,tar ) 
Maximum file view size (KB): 1024 z 
v 


Customize Settings in XML 
Page Options... Cancel 














3 Configure the following settings: 


Spell Check Items: Enable this option if you want users to be able to use the Novell® Speller 
to spell check an item’s text before sending the item. Disable this option to remove all Spell 
Check features from the user interface. 


Search LDAP Directories: Enable this option if you have an LDAP server and you want users 
to be able to search any LDAP address books you have defined. Disable this option to remove 
all LDAP features from the user interface. 


Change Passwords: Enable this option if you want users to be able to change their Mailbox 
passwords. Disable this option to remove all Password features from the user interface. 


Access Document Management: Enable this option if you want users to be able to use the 
Document Management features. Disable this option to remove all Document Management 
features from the user interface (for example, the Documents tab in the WebAccess client). 


Open Attachments in Native Format: By default, the Save As option enables users to save 
message attachments to their local drives and then open them in their native applications. You 
can turn on this option to enable the Open option. The Open option enables users to open 
message attachments directly in their native applications without first saving the files to the 
local drive. 


This option requires that 1) each user’s Web browser knows the correct application or plug-in 
to associate with the attachment, according to its file extension or MIME type, and 2) the 
application or plug-in is available to the user. Otherwise, the user is prompted to save the file to 
disk or specify the application to open it. 
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This option and the View Attachments in HTML Format option can both be enabled at the same 
time. Doing so gives users both the Open option and the View option, which means they have 
the choice of opening an attachment in its native application or viewing it as HTML. 


Open Documents in Native Format: By default, the Save As option enables user to save 
library documents to their local drives and then open them in their native applications. You can 
turn on this option to enable the Open option. The Open option enables users to open 
documents directly in their native applications without first saving the files to the local drive. 


This option requires that 1) each user’s Web browser knows the correct application or plug-in 
to associate with the document, according to its file extension or MIME type, and 2) the 
application or plug-in is available to the user. Otherwise, the user is prompted to save the file to 
disk or specify the application to open it. 


This option and the View Documents in Native Format option can both be enabled at the same 
time. Doing so gives users both the Open option and the View option, which means they have 
the choice of opening a document in its native application or viewing it as HTML. 


If you want only certain file types to be have the Open option, enter the file types in the Include 
Only Files With These Extensions field. Include only the extension and separate each extension 
with a comma (for example, doc, xls, ppt). The Open option is not available for any file types 
not entered in this field. 


View Attachments in HTML Format: Enable this option if you want users to be able to view 
any type of attachments in HTML format. Disable this option to require users to save an 
attachment to a local drive and view it in its native application. WebAccess uses Stellent 
Outside In HTML Export to convert files to HTML format. 


For a list of the supported file format conversions, download the following document from the 
Stellent Web site: 


Outside In Supported Platforms and File Formats (http://www.stellent.com/stellent3/groups/ 
mkt/documents/nativepage/outside_in_supported_platforms.pdf) 


This option and the Open Attachments in Native Format option can both be enabled at the same 
time. Doing so gives users both the View option and the Open option, which means they have 
the choice of viewing an attachment as HTML or opening it in its native application. 


View Documents in HTML Format: Enable this option if you want users to be able to view 
library documents in HTML format. Disable this option to require users to save a document to 
a local drive and view it in its native application. WebAccess uses Stellent Outside In HTML 
Export to convert files to HTML format. 


For a list of the supported file format conversions, download the following document from the 
Stellent Web site: 


Outside In Supported Platforms and File Formats (http://www.stellent.com/stellent3/groups/ 
mkt/documents/nativepage/outside_in_supported_platforms.pdf) 


This option and the Open Documents in Native Format option can both be enabled at the same 
time. Doing so gives users both the View option and the Open option, which means they have 
the choice of viewing a document as HTML or opening it in its native application. 


If you want to exclude certain file types from having the View option, enter the file types in the 
Exclude Files With These Extensions field. Include only the extension and separate each 
extension with a comma (for example, doc, xls, ppt). The View option is available for any file 
types not entered in this field. 


4 Click OK. 
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55.4 Customizing the WebAccess Interface 


GroupWise WebAccess enables you to change the default Novell logo and colors used in the 
WebAccess interface. For example, you can add your company logo to the main WebAccess 
window and change the colors to match your company colors. 


You use the customization. properties file to change the logo and colors. 
1 Open the customization.properties file with a text editor. 


The file is located in the following platform-specific directory: 








NetWare tomcat_dir\webapps\gw\WEBINF\classes\com\novell\webaccess\ 

and templates 

Windows: 

Linux: tomcat_dir/webapps/gw/WEB-INF/classes/com/novell/webaccess/ 
templates 


2 Ifyou want to change the logo image: 
2a Locate the CUSTOMIZABLE IMAGE FOR GROUPWISE WEBACCESS section at the 
beginning of the file. 
2b To turn on customization for the logo image, set the WebAccess.Customize.Image.enable 
property to TRUE: 
WebAccess.Customize.Image.enable=tru 





2c Modify the image properties as desired. The customization.properties file contains 
descriptions of each property. 


3 If you want to change the WebAccess colors: 


3a Locate the CUSTOMIZABLE COLORS SCHEME FOR GROUPWISE WEBACCESS 
section in the file. 


3b To turn on customization of the colors, set the WebAccess.Customize.Color.enable setting 
to TRUE: 


WebAccess.Customize.Color.enable=true 


3c Modify the color properties as desired. The customization.properties file contains 
descriptions of each property. 


4 Save the customization. properties file. 
5 Restart the Web server. 


6 Ina Web browser, clear the browser cache, then log in to GroupWise WebAccess. 
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Monitoring WebAccess 
Operations 


The WebAccess Agent can be monitored at the server where it runs and also in your Web browser. 
The WebAccess Application and the Document Viewer Agent can be monitored in your Web 
browser. You can also use log files to monitor any WebAccess component. 

¢ Section 56.1, “Monitoring the WebAccess Agent,” on page 925 

+ Section 56.2, “Monitoring the WebAccess Application,” on page 934 

+ Section 56.3, “Monitoring the Document Viewer Agent,” on page 935 

+ Section 56.4, “Using WebAccess Log Files,” on page 937 


56.1 Monitoring the WebAccess Agent 


The following sections explain the various methods you can use to monitor the Group Wise” 
WebAccess Agent to ensure that it is operating properly. 

+ Section 56.1.1, “Using the WebAccess Agent Server Console,” on page 925 

+ Section 56.1.2, “Using the WebAccess Agent Web Console,” on page 929 

+ Section 56.1.3, “Using Novell Remote Manager,” on page 932 

+ Section 56.1.4, “Using an SNMP Management Console,” on page 932 


+ Section 56.1.5, “Assigning Operators to Receive Warning and Error Messages,” on page 932 





+ Section 56.1.6, “Using WebAccess Agent Error Message Documentation,” on page 933 
+ Section 56.1.7, “Employing WebAccess Agent Troubleshooting Techniques,” on page 934 


56.1.1 Using the WebAccess Agent Server Console 


+ “NetWare: Using the WebAccess Agent Server Console” on page 925 

+ “Linux: Using the WebAccess Agent Server Console” on page 927 

+ “Windows: Using the WebAccess Agent Server Console” on page 928 
NetWare: Using the WebAccess Agent Server Console 


The NetWare® WebAccess Agent console, shown below, lets you monitor the operation of the agent, 
view the agent’s log information, and change the log settings while at the server. 
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Figure 56-1 WebAccess Agent Console 


Up Time: 0 


HITP: Disabled 
HTTP Port: 0 
L: Disabled 





Fl = Help F? = Exit F9 = Browse Logfile F10 = Options 
The console and its options are described below. 
Up Time 
The Up Time field displays how long it has been since the WebAccess Agent was started. 


Threads 


The default of 12 threads enables the WebAccess Agent to service 12 user reguests at one time. The 
Busy field displays the number of threads that are currently servicing user requests. The Total field 
displays the total number of threads available to service requests (by default, 12). The Peak field 
displays the most threads used at one time to service requests. If all threads are busy much of the 
time, you can increase the number of threads available for use. See Section 54.1.1, “Modifying 
WebAccess Settings,” on page 870. 


Users In 


The Users In field displays the number of users who currently are logged in. During startup, if you 
have enabled WebPublisher, the WebAccess Agent logs in one time for each available thread; these 
logins are reflected in the Users In fields. The Total field displays the total number of users who 
have logged in during the current up time. The Peak field displays the most users who have been 
logged in at one time. 


By default, a maximum of 250 users can be logged in at one time. You can use the /maxusers startup 
switch to change the default. See Section 57, “Using WebAccess Startup Switches,” on page 945. 


Requests 


The Total field displays the total number of requests the WebAccess Agent has processed during its 
current up time. The Errors field lists the number of requests that could not be processed because of 
errors. 
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Logging Box 


The Logging box displays the logged information. The current log level determines the amount of 
information that is displayed (see Section , “F10 = Options,” on page 927). For each line, the first 
item is the number of the thread that processed the user’s request, the second item is the time of the 
request, and the third item is the information associated with the request. 


F7 = Exit 
Press F7 to shut down the WebAccess Agent. 


F9 = Browse Logfile 


Press F9 to view the log file. If disk logging is turned on, the current log file is displayed. If disk 
logging is turned off, a list of old log files is displayed (if any exist). You can then choose which log 
file you want to view. 


F10 = Options 


Press F10, then select View Log Files or Logging Options. Using the logging options, you can 
specify the logging level, turn disk logging on or off, specify the number of days to keep old log 
files, and specify the maximum amount of disk space to use for log files. 


Any changes you make to the logging options apply only to the current session. When you restart 
the WebAccess Agent, the logging level is reset to the level specified in ConsoleOne® or in the 
startup file (strtweb.ncf). 


Log Level: Off turns logging off; Normal displays initial statistics, user logins, warnings, and errors; 
Verbose displays Normal logging plus user requests; and Diagnostic displays Verbose logging plus 
thread information. The default is Normal logging. Use Diagnostic only if you are troubleshooting a 
problem with WebAccess. 


File Logging: Turns disk logging on or off. When disk logging is turned on, the WebAccess Agent 
creates a new log file each day and each time it is restarted. The log file is named mmddweb . nnn, 
where mm is the month, dd is the day, and nnn is a sequenced number (001 for the first log file of the 
day, 002 for the second, and so forth). The default location for the log files is the 
domain\wpgate\webac70a\xxx.prc directory. 


The verbose and diagnostic logging levels do not degrade WebAccess Agent performance, but log 
files saved to disk consume more disk space when verbose or diagnostic logging is in use. 


Max Log File Age: Specifies the number of days you want the WebAccess Agent to retain old log 
files. The WebAccess Agent retains the log file for the specified number of days unless the 
maximum disk space for the log files is exceeded. The default age is 7 days. 


Max Log Disk Space: Specifies the maximum amount of disk space you want to use for log files. If 
the disk space limit is exceeded, the WebAccess Agent deletes log files, beginning with the oldest 
file, until the limit is no longer exceeded. The default disk space is 65536 KB. 


Linux: Using the WebAccess Agent Server Console 


By default, the Linux Agent runs as a daemon with no user interface. To display information on the 
server where the WebAccess Agent runs, you must start the WebAccess Agent with the --show 
startup switch. The console is displayed in a terminal window. 
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Figure 56-2 Linux WebAccess Agent Server Console 





& shell - Konsole 





Session Edit View Bookmarks Settings Help 





000 13:15:28 

(099 13:15:28 General Settings: 

000 13:15:28 Agent Version: 7.0 (7/14/2007) 

000 13:15:28 Gateway Home Directory: /gusystem/waltham2/upgate/webac?0a 
000 13:15:28 Linux Release 2.6.5-7.147-default 

000 13:15:28 SNMP: Disabled 

000 13:15:28 Work Directory: /opt/novell/groupuise/agents/share/tmpF iles 


000 13:15:28 Log Settings: 
000 13:15:28 Log File: /var/log/nouell/groupuise/ualtham2 .webac70a/000 . prc/072 


000 13:15:28 Log Level: NORMAL 
000 13:15:28 Max Log File Age (days): 7 
000 13:15:28 Max Log Disk Space (kb): 65536 


000 13:15:28 Client/Server Settings: 

000 13:15:29 IP Address: pru-gudoc (173.15.4.14) 

000 13:15:29 TCP Port for Incoming Connections: 7205 
000 13:15:29 Client/Server over SSL: Disabled 

000 13:15:29 WebConsole: Enabled 





000 13:15:29 WebConsole Url: http://173.15.4.14:7211 4 
000 13:15:29 + 
28 E Shell 


Windows: Using the WebAccess Agent Server Console 


The Windows WebAccess Agent server console lets you monitor the operation of the agent. The 
server console, shown below, is displayed in a DOS window. 


Figure 56-3 Windows WebAccess Agent Server Console 


yâ Novell GroupWise WebAccess E 


:57 20006 WebAccess Configuration Information we 

257 

:57 General Settings: 

:57 Agent Version: 7.0 <7/12/2887) 
Gateway Home Directory: C:Ngwsystem\provo2\wpgate\WEBAC7OØA 
Server Platform: Windows NT 5.@ Build 2195 Service Pack 4 
SNMP: Enabled 
Work Directory: .\tmpFiles 


Log Settings: 
Log File: \gus ys tem\provo2\upgate\WEBAC7GA\ 486. prc 671 4ueb. 861 
Log Level: NORMAL 
Max Log File Age “days>: 7 
Max Log Disk Space <kh>: 1624 


Client/Server Settings: 
IP Addre jbd-w2k <173.15.4.16) 
TCP Port for Incoming Connections: 7205 
Client/Server over SSL: Disabled 
WebConsole: Enabled 
WebConsole Url: http://173.15.4.16:7211 


Performance Settings: 
Processing Threads: 12 <Default> 





The console and its options are described below. 
Logging Window 


The current logging level determines the amount of information that is displayed. You can specify 
the logging level through ConsoleOne, through startup switches, or by using the F2 function key. 
See “Modifying WebAccess Agent Log Settings in ConsoleOne” on page 939, “Modifying 
WebAccess Agent Log Settings through Startup Switches” on page 940, and “F2” on page 929. 


The verbose and diagnostic logging levels do not degrade WebAccess Agent performance, but log 
files saved to disk consume more disk space when verbose or diagnostic logging is in use. 


For each line, the first item is the number of the thread that processed the user’s request, the second 
item is the time of the request, and the third item is the information associated with the request. 
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F1 or F7 


Shuts down and exits the agent. 


F2 


Cycles the logging level among Normal, Verbose, and Diagnostic. Normal displays initial statistics, 
user logins, warnings, and errors; Verbose displays Normal logging plus user requests; and 
Diagnostic displays Verbose logging plus thread information. The default is Normal logging. Use 
Verbose only if you are troubleshooting a problem with WebAccess. 


The verbose and diagnostic logging levels do not degrade WebAccess Agent performance, but log 
files saved to disk consume more disk space when verbose or diagnostic logging is in use. 


Any changes you make to the logging level using F2 apply only to the current session. When you 
restart the WebAccess Agent, the logging level is reset to the level specified in ConsoleOne or in the 
startup file (strtweb.bat). 


56.1.2 Using the WebAccess Agent Web Console 


You can use a Web browser interface, referred to as the Web console, to monitor the WebAccess 
Agent. 


Figure 56-4 WebAccess Agent Web Console 





GroupWise 7.0.0 WebAccess - WWEBAC70A Provo1 


Status | Configuration | Environment | Log Files | Help 








Up Time: 3 Days 2 Hours 16 Minutes 


Total Busy Peak 
0 0 0 


C/S Users 





C/S Handler Threads 12 1 1 
Total 

C/S Requests 7 

C/S Requests Failed 0 

Memory 523903 KB 

Processor Utilization 2% 


Through the Web console you can view the following information: 


+ Status: Displays how long the WebAccess Agent has been up; the number of client/server 
users who have logged in, the number of threads dedicated to handling requests, and the 
number of successful and failed requests; and the amount of memory on the server and the 
percent of processor utilization. 


+ Configuration: Displays the gateway home directory being used by the WebAccess Agent, the 
current log settings, the performance settings (processing threads and maximum users), and the 
client/server settings (IP address, TCP port, and so forth). 


+ Environment: Displays server information such as name, operating system date, memory, 
processor utilization, and loaded modules. 


+ Log Files: Lets you view the contents of the WebAccess Agent’s log files and the current log 
settings. 


For detailed information about each field on the Status, Configuration, Environment, or Log Files 
page, select the page, then click Help. 
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You cannot use the Web console to change any of the WebAccess Agent’s settings. Changes must be 
made through ConsoleOne, the WebAccess Agent console, or the startup file. 


Refer to the following sections for information about enabling and using the Web console: 


+ “Enabling the WebAccess Agent Web Console” on page 930 
+ “Viewing the WebAccess Agent Web Console” on page 931 


Enabling the WebAccess Agent Web Console 


The default HTTP port for the WebAccess Agent Web console is established during WebAccess 
Agent installation. You can change the port number and increase security after installation in 
ConsoleOne. 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control ~| Reattach | Post Office Links | GroupWise ~v | NDS Rights -| < 
| Network Address 





TCPAP Address: jibd-nwprovo.novell.com 





IPX/SPX Address: | 
D Bind Exclusively to TCPAP Address 


Port SSL 
7211 $| [Disabled > | 
7205 +! 


Client/Server: Disabled x | 

















Page Options... Cancel | Apply | Help | 





3 Inthe HTTP Port field, specify a port number. We recommend that you use port 7211 if it is not 
already in use on the WebAccess Agent’s server. 
Assigning a port number enables the Web console; assigning 0 as the port number disables the 
Web console. 
Any user who knows the WebAccess Agent’s IP address (or hostname) and the HTTP port 


number can use the Web console. If you want to restrict Web console access, you can assign a 
username and password. To do so: 


4 Click the GroupWise tab, then click Optional Gateway Settings to display the Optional 
Gateway Settings page. 
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Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control + | Reattach | Post Office Links | GroupWise + | nos Righ 
| Optional Gateway Settings | 





Directory Sync/Exchange: None 





Accounting: 





Convert Status to Messages: 





Outbound Status Level: 








Leal Le} Le Lei ls 


Enable Recovery: 


Retry Count: 10 4 (1-99) 


Retry Interval: 5 = seconds 





Failed Recovery Wait: 3600 od seconds 





Network Reattach Command: 








Correlation Enabled: Yes 





Correlation Age: 14 = days 


HTTP Settings 





HTTP User Name: | 


HTTP Password: Set Password 


Page Options... Cancel Apply | Help 








5 Inthe HTTP User Name field, enter an arbitrary username (for example, webcon). 
6 Click Set Password to assign a password (for example, monitor). 


7 Click OK to save your changes. 


Viewing the WebAccess Agent Web Console 


1 Ina Web browser, enter the following: 
http://IP address:agent port 


or 
https://IP address:agent port 


where IP. address is the IP address of the server where the WebAccess Agent is running, and 
agent portis the port number assigned to the agent. If you used the default port during 
installation, the port number is 7211. 


2 Ifprompted, enter the Web console username and password. 








C/S Users 0 0 0 
C/S Handler Threads 12 1 1 





C/S Requests 7 
C/S Requests Failed 0 
Memory 523903 KB 
Processor Utilization 2% 


3 Select Status, Configuration, Environment, or Log Files to view the desired information. 


For detailed information about each field on the Status, Configuration, Environment, or Log 
Files page, select the page, then click Help. 
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56.1.3 Using Novell Remote Manager 


If the WebAccess Agent is running on NetWare 6.5 or on Novell Open Enterprise Server (OES), you 
can use the IP Address Management feature in Novell Remote Manager (Manage Server > IP 
Address Management) to view the IP address and port configuration for the WebAccess Agent. This 
is also true for other GroupWise agents (MTA, POA, and Internet Agent) running on NetWare 6.5/ 
OES servers. 





IMPORTANT: If the WebAccess Agent is running on NetWare in protected mode, it does not 
display in Novell Remote Manager. 





You access Novell Remote Manager by entering the following URL in a Web browser: 
http://server address: 8008 


For example: 
http://172.16.5.18:8008 


For more information about using Novell Remote Manager, see the NetWare 6.5 documentation 
(http://www.novell.com/documentation/nw65) and the Novell Open Enterprise Server 
Documentation Web site (http://www.novell.com/documentation/oes). 


56.1.4 Using an SNMP Management Console 


The WebAccess Agent can be monitored through an SNMP management console, such as the one 
provide with Novell® ZENworks® Server Management. 


Before you can monitor the WebAccess Agent through an SNMP management console, you must 
compile the WebAccess Agent’s MIB (Management Information Base) file. The Internet Agent’s 
MIB file, named gwweb . mib, is located in the agents\snmp directory on the GroupWise 7 
Administrator CD or in the GroupWise software distribution directory. 


The MIB file contains all the Trap, Set, and Get variables used for communication between the 
WebAccess Agent and management console. The Trap variables provide warnings that point to 
current and potential problems. The Set variables allow you to configure portions of the application 
while it is still running. The Get variables display the current status of different processes of the 
application. 


To compile the MIB file: 


1 Copy the WebAccess Agent MIB (gwweb.mib) to the SNMP management console’s MIB 
directory. 
2 Compile the MIB file. 


3 Create a profile that uses the WebAccess Agent MIB, then select that profile. 


56.1.5 Assigning Operators to Receive Warning and Error 
Messages 


You can select GroupWise users to receive warning and error messages issued by the WebAccess 
Agent. Whenever the agent issues a warning or error, these users, called operators, receive a 
message in their mailboxes. You can specify one or more operators. 


To assign an operator: 
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1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 


2 Click GroupWise > Gateway Administrators to display the Gateway Administrators page. 


Properties of WEBAC70A 


WebAccess | ‘WebPublisher | Access Control v | Reattach | Post Office Links | GroupWise v | NDS Rights 
| Gateway Administrators 








Administrator Role 


Page Options... Cancel | Apply | Help 





Properties of WEBAC70A 


WebAccess | WebPublisher | Access Control + | Reattach | Post Office Links | GroupWise 
| Gateway Administrator 


Administrator Role 

[V Operator 

I Accountant 

[ Postmaster 

T Foreign Operator 





Page Options... OK | Cancel | Apply | Help 





4 Make sure Operator is selected as the Administrator Role. 
5 Ifdesired, add additional operators. 
6 Click OK. 





56.1.6 Using WebAccess Agent Error Message Documentation 


WebAccess Agent error messages are documented with the source and explanation of the error, 
possible causes of the error, and actions to take to resolve the error. See “WebAccess Agent Error 


Messages” in Group Wise 7 Troubleshooting 1: Error Messages. 
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56.1.7 Employing WebAccess Agent Troubleshooting 
Techniques 


If you are having a problem with the WebAccess Agent but not receiving a specific error message, 
or if the suggested actions for the specific error did not resolve the problem, you can review more 
general troubleshooting strategies for dealing with WebAccess Agent problems. See “Strategies for 
Agent Problems” in GroupWise 7 Troubleshooting 2: Solutions to Common Problems. 


56.2 Monitoring the WebAccess Application 


The WebAccess Application includes a Web console, similar to the WebAccess Agent’s Web 
console, that you can use to monitor it. The Web console lets you see information about logged in 
users, such as their IP address, their GroupWise and Web browser versions, and the WebAccess 
Agent providing mailbox access. In addition, you can view the WebAccess Application’s log files 
and configuration files, and view Java information such as the version and classpath settings. 


The following sections provide information to help you use the Web console: 


+ Section 56.2.1, “Enabling the WebAccess Application Web Console,” on page 934 
+ Section 56.2.2, “Using the WebAccess Application Web Console,” on page 935 


56.2.1 Enabling the WebAccess Application Web Console 


1 Edit the webacc.cfg file, located in the WebAccess Application’s home directory, which 
varies by platform. 





NetWare novell\webaccess\users on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webaccess/users 





2 Locate the following lines in the file: 


Admin.WebConsole.enable=fals 
Admin.WebConsole.username=admin 
Admin.WebConsole.password=admin 


3 Enable the Web console by changing the FALSE entry to TRUE: 
Admin.WebConsole.enable=tru 








4 If desired, change the default username and password. A username and password is required. 
5 Save the file. 
6 Restart Tomcat. 


NetWare: java -exit 

tomcat4 
Linux: /etc/init.d/novell-tomcat restart 
Windows: Restart the Tomcat service 
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56.2.2 Using the WebAccess Application Web Console 
1 Ina Web browser, enter the following URL: 
http://server_address/gw/webacc?action=Admin.Open 


where server_address is the Web server’s IP address or DNS hostname. 


2 When prompted, enter the username and password. 


The Web console is displayed. 





Novell GroupWise WebAccess Application 


Status | Configuration | Log Files | Refresh | Help 





Up Time: 3 Days 3 Hours 12 Minutes 





User Information - 1 Active User(s) 





Logged In Last Access Client IP User Id Agent Version Browser 
07/26/06 14:25 07/26/06 14:25 172.15.44.24 mpalu.Development.Provol prv-qw.provo.novell.com:7211 v7.0  Mozilla/5.0 





Total Active Users: 1 


56.3 Monitoring the Document Viewer Agent 


Like the WebAccess Agent, the Document Viewer Agent has a server console and a Web console 


+ Section 56.3.1, “Using the Document Viewer Agent Server Console,” on page 935 


¢ Section 56.3.2, “Using the Document Viewer Agent Web Console,” on page 935 


56.3.1 Using the Document Viewer Agent Server Console 


The Document Viewer Agent server console functions just like the WebAccess Agent server 
console. For more information, see Section 56.1.1, “Using the WebAccess Agent Server Console,” 
on page 925. 


56.3.2 Using the Document Viewer Agent Web Console 
Like the WebAccess Agent, the Document Viewer Agent also has a Web console. 

¢ “Enabling the Document Viewer Agent Web Console” on page 935 

+ “Viewing the Document Viewer Agent Web Console” on page 936 
Enabling the Document Viewer Agent Web Console 


Because the Document Viewer Agent is currently configured using switches in its startup file, you 
must activate the switches that pertain to its Web console. 


1 Use an ASCII text editor to edit the Document Viewer Agent startup file (gwdva . dva). 
The default location of the startup file depends on the platform where the Document Viewer 


Agent is running: 


NetWare: sys:\system 
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Linux: /opt/novell/groupwise/agents/share 


Windows: c:\webacc 


2 Scroll down to the HTTP monitoring section. 


3 Remove the comment character (;) from the /http startup switch to enable HTTP for the 
Document Viewer Agent. 


4 Ifthe default HTTP port of 7439 is already in use on the server, remove the comment marker 
from the /httpport switch and provide a unique port number. 


5 Ifyou want to secure the Document Viewer Agent Web console by requiring a username and 
password to access it, remove the comment characters from the /httpuser and /httppw switches, 
then provide a username and password. 


6 Save the gwdva. dva file, then exit the text editor. 

7 Restart the WebAccess Agent to put the new settings into effect. 
Each time you update the WebAccess software, the existing gwdva . dva file is backed up as 
gwdva . nnn. Therefore, after updating the WebAccess software, you need to rename the modified 


gwdva . nnn file back to gwdva . dva or repeat the editing changes in the updated gwdva . dva 
file. 


Viewing the Document Viewer Agent Web Console 
1 Ina Web browser, enter the following URL: 
http://server_address:port_number 


where server_address is the Web server’s IP address or DNS hostname and port_number is 
7439 or whatever port number you have specified in the Viewer Agent startup file. 


2 Ifyou provided a username and password in the startup file, enter the username and password 
when prompted. 


The Web console is displayed. 


provo novell.com 





Status | Configuration | Environment | Log Files | Problem Files | Quarantine Files | Help 











Up Time: 3 Days 2 Hours 48 Minutes 

Total Busy Peak 
Worker Processes 2 1 1 
Server Information 
Memory 523903 KB 
Processor Utilization 1% 
Connections 47 (3 in use) 


Request Statistics 





Total Cache Hits 

File Identification Requests 
File Conversion Requests 
Failed Requests 

Worker abends 

Fatal viewer errors 

Critical viewer errors 

Other viewer errors 

Exceeded size limit 

Exceeded time limit 

Other errors 


(=) 


o000000000 
oo000000 
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Through the Web console you can view the following information: 


¢ Status: Displays how long the Document Viewer Agent has been up, the number of worker 
threads it has started, the current server utilization, and statistics about the files the worker 
threads have processed. 


¢ Configuration: Displays the current settings of all the options that you can set in the Viewer 
Agent startup file (gwdva . dva). For more information, see Section 54.8, “Configuring the 
Document Viewer Agent,” on page 909. 


¢ Environment: Displays server information such as name, operating system date, memory, 
processor utilization, and loaded modules. 


+ Log Files: Lets you view the contents of the Viewer Agent’s log files and the current log 
settings. For more information, see Section 56.4.3, “Controlling Document Viewer Agent 
Logging,” on page 943. 


+ Problem Files: Indicates whether a list of problem files is being generated, and if so, what files 
have failed the conversion process. For more information, see Section 54.8.4, “Document 
Cache,” on page 911. 


+ Quarantine Files: Indicates whether the document quarantine is enabled, and if so, what files 
have been quarantined. For more information, see Section 54.8.3, “Document Quarantine,” on 
page 911 


For detailed information about each field on the Status, Configuration, Environment, Log Files, 
Problem Files, or Quarantine Files page, select the page, then click Help. 


You cannot use the Web console to change any of the Viewer Agent’s settings. Changes must be 
made through the Viewer Agent startup file. 


56.4 Using WebAccess Log Files 


Error messages and other information about WebAccess functioning are written to log files as well 
as displaying on the WebAccess server console. Log files can provide a wealth of information for 
resolving problems with WebAccess functioning or message flow. This section covers the following 
subjects to help you get the most from WebAccess log files: 

+ Section 56.4.1, “Controlling WebAccess Agent Logging,” on page 937 

+ Section 56.4.2, “Controlling WebAccess Application Logging,” on page 941 

+ Section 56.4.3, “Controlling Document Viewer Agent Logging,” on page 943 

+ Section 56.4.4, “Viewing WebAccess Log Files,” on page 943 

+ Section 56.4.5, “Interpreting WebAccess Log File Information,” on page 944 


56.4.1 Controlling WebAccess Agent Logging 


The WebAccess Agent provides logging options to help you monitor the operation of the agent. The 
WebAccess Agent logs information to the console and to a log file on disk (by default, disk logging 
is turned off). You can control the following logging features: 

+ The type of information to log. 

+ Whether disk logging is on or off. 


+ How long to retain log files. 
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+ The maximum amount of disk space to use for log files. 


+ Where to store log files. 


You can control logging through ConsoleOne, WebAccess Agent startup switches, and the 
WebAccess Agent console. The following table shows which logging options you can control from 
each location. 


Table 56-1 Logging Options 


Gönseläöria Startup NetWare Linux Windows 
Switches Console Console Console 
Logging Level Yes Yes Yes No Yes 
Disk Logging Yes Yes Yes No No 
Maximum Log File Age Yes Yes Yes No No 
Maximum Disk Space Yes Yes Yes No No 
Log File Location Yes Yes No No Yes 


The log settings in ConsoleOne are used as the default settings. Startup switches override the 
ConsoleOne log settings, and agent console settings override startup switches and ConsoleOne 
settings for the current agent session. 


Whether or not logging is turned on by default varies by platform: 
NetWare On by default 


and 
Windows: 


Linux: Off by default 
When logging is turned on, the WebAccess Agent creates a new log file each day and each time it is 


started. The log file is named mmddweb. nnn, where mm is the month, dd is the day, and nnn is a 
sequenced number (001 for the first log file of the day, 002 for the second, and so forth). 


Where WebAccess Agent log files are located by default varies by platform: 


NetWare domain\wpgate\webac70a\000.pre 

and 

Windows: 

Linux: /var/log/novell/groupwise/domain name.gateway name/000.prc 


For information about modifying log settings, see the following sections: 


+ “Modifying WebAccess Agent Log Settings in ConsoleOne” on page 939 
+ “Modifying WebAccess Agent Log Settings through Startup Switches” on page 940 


+ “Modifying WebAccess Agent Log Settings through the WebAccess Agent Server Console” on 
page 940 
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Modifying WebAccess Agent Log Settings in ConsoleOne 
To modify log settings in ConsoleOne: 


1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties. 
2 Click GroupWise > Log Settings to display the Log Settings page. 


Properties of WEBAC70A 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Log Settings 





Log File Path: 





Logging Level: Normal 





Max Log File Age: 7 i days 








Max Log Disk Space: 65536 <] KBytes 





Page Options... 





3 Modify any ofthe following properties: 


Log File Path: By default, this field is empty. If you have turned on disk logging by using the / 
logdiskon startup switch (see Section , “Modifying WebAccess Agent Log Settings through 
Startup Switches,” on page 940), the log files are saved to the default directory or to the 
directory specified by the /log startup switch. If you want to specify a different location, enter 
the directory path or browse to and select the directory. 


If you have not used the /logdiskon startup switch to turn on logging, specifying a log file path 
activates disk logging (after you restart the WebAccess Agent). 


Logging Level: There are four logging levels: Off, Normal, Verbose, and Diagnostic. Off turns 
logging off; Normal displays initial statistics, user logins, warnings, and errors; Verbose 
displays normal logging plus user requests; and Diagnostic displays Verbose logging plus 
thread information. The default is Normal logging. Use Diagnostic only if you are 
troubleshooting a problem with WebAccess. 


The verbose and diagnostic logging levels do not degrade WebAccess Agent performance, but 
log files saved to disk consume more disk space when verbose or diagnostic logging is in use. 


Max Log File Age: Specify the number of days you want the WebAccess Agent to retain old 
log files. The WebAccess Agent retains the log file for the specified number of days unless the 
maximum disk space for the log files is exceeded. The default age is 7 days. 


Max Log Disk Space: Specify the maximum amount of disk space you want to use for log 
files. If the disk space limit is exceeded, the WebAccess Agent deletes log files, beginning with 
the oldest file, until the limit is no longer exceeded. The default disk space is 65536 KB. 


4 Click OK to save the log settings. 
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Modifying WebAccess Agent Log Settings through Startup Switches 


Startup switches override any log settings you specified through ConsoleOne. See “Modifying 
WebAccess Agent Log Settings in ConsoleOne” on page 939. 


For information about startup switches that can be used to modify log settings, see Section 57, 
“Using WebAccess Startup Switches,” on page 945. 


Modifying WebAccess Agent Log Settings through the WebAccess Agent Server 
Console 
+ “Modifying Log Settings through the NetWare Agent Server Console” on page 940 


+ “Modifying Log Settings through the Windows WebAccess Agent Server Console” on 
page 940 


+ “Modifying Log Settings through the Linux WebAccess Agent Server Console” on page 940 


Modifying Log Settings through the NetWare Agent Server Console 
You can use the NetWare WebAccess Agent server console to modify the following log settings: 


Changes you make to log settings at the console apply only to the current session. When you restart 
the WebAccess Agent, the log settings are reset to the settings specified in ConsoleOne or the startup 
switches. See “Modifying WebAccess Agent Log Settings in ConsoleOne” on page 939 and 
“Modifying WebAccess Agent Log Settings through Startup Switches” on page 940. 


To modify the log settings: 


1 Atthe NetWare WebAccess Agent’s server console, press F10, select Logging Options, then set 
the log settings as needed: 


2 Press Esc to save the information. 


Modifying Log Settings through the Windows WebAccess Agent Server Console 


You can use the Windows WebAccess Agent’s console to modify the logging level. All other log 
settings must be modified through ConsoleOne or startup switches. See “Modifying WebAccess 
Agent Log Settings in ConsoleOne” on page 939 and “Modifying WebAccess Agent Log Settings 
through Startup Switches” on page 940. 


Changes you make to the log level at the console apply only to the current session. When you restart 
the WebAccess Agent, the log level is reset to the level specified in ConsoleOne or the startup 
switches. 


To modify the logging level: 


1 Inthe NetWare WebAccess Agent’s console (the DOS window), press F2 to cycle the log level 
between Normal, Verbose, and Diagnostic. Each level is described below: 


Modifying Log Settings through the Linux WebAccess Agent Server Console 


On Linux, the WebAccess Agent server console does not include functionality to change log 
settings. These settings must be modified through ConsoleOne, as described in “Modifying 
WebAccess Agent Log Settings in ConsoleOne” on page 939 or in the startup file, as described in 
“Modifying WebAccess Agent Log Settings through Startup Switches” on page 940. 
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56.4.2 Controlling WebAccess Application Logging 


The following WebAccess applications (Web server servlets) create log files that are configured by 
editing the Log Settings property page of their objects in ConsoleOne: 

+ WebAccess Application (Group WiseWebAccess object) 

+ WebPublisher Application (Group WiseWebPublisher object) 

+ Novell Speller Application (NovellSpeller object 
The WebAccess applications log information to log files on disk. You can control the following 
logging features: 

+ Where to store log files 

+ The amount of information to log 

+ How long to retain log files (not applicable to the Speller Application) 


+ The maximum amount of disk space to use for log files (not applicable to the Speller 
Application) 


¢ The language you want the log files written in 

¢ The format you want time information written in (not applicable to the Speller Application) 
When logging is turned on, the WebAccess applications create a new log file each day and each time 
it is restarted (as part of the Web server startup). 

+ WebAccess Application: mmddwas.nnn 

+ WebPublisher Application: mmddwps.nnn 

+ Speller Application: spellchk.log 
In the log filenames, mm is the month, dd is the year, and nnn is a sequenced log file number (001 
for the first log file of the day, 002 for the second, and so forth). WebAccess application log files are 


stored in platform-specific directories that are not the same as where the WebAccess Agent log files 
are stored. 


NetWare novell\webaccess\logs on the Web server 
and 

Windows: 

Linux: /opt/novell/groupwise/webaccess/logs 


To modify the application log settings: 


1 In ConsoleOne, browse to and select the Domain object where the application object is located. 


2 Right-click the application object (GroupWise WebAccess, GroupWise WebPublisher, or 
NovellSpeller), then click Properties. 


3 Click Application > Log Settings to display the Log Settings page. 
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Properties of GroupWiseWebAccess 


Application + | NDS Rights + | Other | 
Log Settings | 





Log File Path: WBD-NVVisysiNovelliwebaccessiogs 


Maximum Log File Age: T 4 days 


Maximum Log Disk Space: 1024 3 KBytes 





Logging Level: Normal 





Log Language: English 











Log Time Format: H:mm:ss 


Example:1 0:20:01 


Page Options... Cancel | Apply | Help | 








The Log Settings pages for the WebAccess Application and the WebPublisher Application are 
the same. The Log Settings page for the Speller Application does not include some of the fields 
shown above. 


4 Modify any of the following properties: 
Log File Path: Specify the path to the directory where you want to store the log files. 


Maximum Log File Age: Specify the number of days you want to retain the log files. The 
WebAccess application retains the log file for the specified number of days unless the 
maximum disk space for the log files is exceeded. The default age is 7 days. (Not applicable to 
the Speller Application.) 


Maximum Log Disk Space: Specify the maximum amount of disk space you want to use for 
application log files. If the disk space limit is exceeded, the WebAccess application deletes log 
files, beginning with the oldest file, until the limit is no longer exceeded. The default disk space 
is 65536 KB. (Not applicable to the Speller Application.) 


Logging Level: There are four logging levels: None, Normal, Verbose, and Diagnostic. None 
turns logging off; Normal displays warnings and errors; Verbose displays Normal logging plus 
information messages and user requests; and Diagnostic displays all possible information. The 
default is Normal logging. Use Diagnostic only if you are troubleshooting a problem with 
WebAccess. The verbose and diagnostic logging levels do not degrade application 
performance, but log files saved to disk consume more disk space when verbose or diagnostic 
logging is in use. 

Log Language: Select the language in which you want information written to the log files. The 


list contains many languages, some of which the WebAccess application might not support. If 
you select an unsupported language, the information is written in English. 

Log Time Format: Choose from the following formats to use when the WebAccess 
application records dates and times in the log files: HH :mm: ss : SS, MM/dd: H:mm:ss.ss, 
or dd/MM: H:mm:ss.SS.H and HH represent hours, mm represents minutes, ss and SS 
represent seconds, MM represents months, and dd represents days. (Not applicable to the 
Speller Application.) 


5 Click OK to save the log settings. 
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56.4.3 Controlling Document Viewer Agent Logging 


The Document Viewer Agent also creates log files. Logging is enabled by default. The default 
location where log files are created varies by platform: 
NetWare: sys:\system\gwdva.dir\log 
Linux: /var/log/novell/groupwise/gwdva 
Windows: c:\webacc\gwdva.dir\log 
Because the Document Viewer Agent is currently configured using switches in its startup file, you 
must activate the switches in order to change how logging is performed. 
1 Use an ASCII text editor to edit the Document Viewer Agent startup file (gwdva . dva). 


The default location of the startup file depends on the platform where the Document Viewer 
Agent is running: 


NetWare: sys:\system 
Linux: /opt/novell/groupwise/agents/share 
Windows: c:\webacc 


2 Scroll down to the log switches section. 


3 Remove the comment character (;) from the /loglevel startup switch, then set the log level as 
needed. 


4 If you want to change the location where the Document Viewer Agent stores log files, remove 
the comment marker from the /log switch, then provide a the full path to the desired location. 


5 If you want to change the length of time log files are stored from its default of 7 days, remove 
the comment characters from the /logdays switch, then specify the number of days to store log 
files. 


6 Ifyou want to change the maximum size for log files, remove the comment characters from the 
/logmax switch, then specify the maximum size in kilobytes for each log file. 


7 Save the gwdva. dva file, then exit the text editor. 


8 Restart the WebAccess Agent to put the new settings into effect. 


56.4.4 Viewing WebAccess Log Files 


You can view the log file for the current WebAccess Agent session, or you can view archived log 
files. The current WebAccess Agent log file is viewable through the NetWare WebAccess Agent 
console, as described in “NetWare: Using the WebAccess Agent Server Console” on page 925 (but it 
is not available at the server console on Linux or Windows), or in the WebAccess Agent Web 
console for all platforms, as described in Section 56.1.2, “Using the WebAccess Agent Web 
Console,” on page 929. Archived WebAccess Agent log files are viewable through the Web consoles 
or an ASCII text editor. 


The WebAccess Application log files can be viewed through the WebAccess Application Web 
console, as described in Section 56.2.2, “Using the WebAccess Application Web Console,” on 
page 935. The other application log files can be viewed through ASCII text editors. 
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The Document Viewer Agent log files can be viewed through the Document Viewer Web console, as 
described in “Viewing the Document Viewer Agent Web Console” on page 936. 


56.4.5 Interpreting WebAccess Log File Information 
On startup, the WebAccess records the WebAccess settings currently in effect. Thereafter, it logs 


events that take place, including errors. To look up error messages that appear in WebAccess log 
files, see “WebAccess Agent Error Messages” in GroupWise 7 Troubleshooting 1: Error Messages. 


944 GroupWise 7 Administration Guide 


Using WebAccess Startup 
Switches 


+ Section 57.1, “WebAccess Agent Startup Switches,” on page 945 
+ Section 57.2, “Document Viewer Agent Startup Switches,” on page 953 


57.1 WebAccess Agent Startup Switches 


You can use the switches listed below when starting the Group Wise” WebAccess Agent. The 
switches override any configuration settings you specified through ConsoleOne®. 


During installation of the WebAccess Agent, the Installation program creates a default startup file, 
agent name.waa, where agent_name is the name assigned to the WebAccess Agent (for 
example, webac70a.waa). The location of the startup file varies by platform. 


NetWare: sys:system\gwinter @webac70a.waa 
Linux: /opt/novell/groupwise/agents/share/webac70a.waa 
Windows: c:\webacc\webac70a.waa 


The startup file is referenced from platform-specific files that are used to start the WebAccess 
Agent. You can also add startup switches to these platform-specific files. 


NetWare: sys:\system\strtweb.ncf 
Linux: /etc/init.d/grpwise-wa 
Windows: c:\webacc\strtweb.bat 


The table below summarizes WebAccess Agent startup switches for all platforms and how they 
correspond to configuration settings in ConsoleOne. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


NetWare WebAccess Linux WebAccess Windows WebAccess : 
ConsoleOne Settings 


Agent Agent Agent 

@filename @filename @filename N/A 
/cluster N/A N/A N/A 
/help --help /help N/A 
/home --home /home N/A 
/http --http /http N/A 
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NetWare WebAccess Linux WebAccess Windows WebAccess i 
ConsoleOne Settings 


Agent Agent Agent 

/httppassword --httppassword /httppassword GroupWise > Optional Gateway 
Settings > HTTP Password 

/httpport --httpport /httpport GroupWise > Network Address > 
HTTP Port 

/nttpuser --httpuser /httpuser GroupWise > Optional Gateway 
Settings > HTTP User Name 

/ip --ip lip GroupWise > Network Address 

log --log log GroupWise > Log Files > Log File 
Path 

llogdays --logdays /logdays GroupWise > Log Files > Max Log 
File Age 

logdiskon --logdiskon logdiskon N/A 

loglevel --loglevel /loglevel GroupWise > Log Settings > Logging 
Level 

/logmax --logmax /logmax GroupWise > Log Settings > Max 
Log Disk Space 

/maxusers --maxusers /maxusers N/A 

/password N/A N/A N/A 

/port --port /port GroupWise > Network Address 

N/A --show N/A N/A 

/threads --threads /threads WebAccess > Settings > Maximum 
Threads 

/user N/A N/A N/A 

/work --work /work 


57.1.1 @filename 


Specifies a startup file to use. You can add any of the WebAccess Agent startup switches to the 
startup file and then reference the file when starting the WebAccess Agent. For example: 


NetWare: load sys:system\gwinter @webac70a.waa 
Linux: /opt/novell/groupwise/agents/bin/gwinter @webac70a.waa 
Windows: c:\webacc\gwinter.exe @webac70a.waa 


During installation of the WebAccess Agent, the Installation program creates a default startup file, 
agent name.waa, where agent_name is the name assigned to the WebAccess Agent object (for 
example, webac70a.waa). The default startup file is created in the following platform-specific 
locations: 
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NetWare: sys:\system 
Linux: /opt/novell/groupwise/agents/share 
Windows: c:\webacc 


The startup file is referenced from the batch files or scripts so that you do not need to specify the 
startup file when you start the WebAccess Agent. 


NetWare: strtweb.ncf 
Linux: grpwise-wa 
Windows: strtweb.bat 


Linux WebAccess 


NetWare WebAccess Agent Windows WebAccess Agent 


Agent 
Syntax: @l[vol:][\din]file @[/dir/|file @[drive:][\din]file 
@\\svrnvoldir\file @\\svnsharename\dinfile 
Example: load gwinter @webac70a.waa ./gwinter gwinter.exe @webac70a.waa 
load gwinter @sys:\agt\webac70a.waa = Owebac”0a.waa  gwinter.exe @d:\agt\webac70 
load gwinter @\\s2\sys\agt\webac70a. a.waa 
waa gwinter.exe @\\s2\c\agt\weba 


c70a.waa 


57.1.2 /cluster 


Enables the WebAccess Agent to run in a clustered environment (using Novell® Cluster Services™), 
See “Implementing WebAccess in a NetWare Cluster” in “Novell Cluster Services on NetWare” in 
the GroupWise 7 Interoperability Guide. 


If you are running the NetWare® WebAccess Agent on the latest version of NetWare 6.x and Novell 
Cluster Services, the WebAccess Agent can detect the cluster automatically. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 


Syntax:  /cluster N/A N/A 


57.1.3 /help 


Displays a listing and description of the startup switches. When this switch is used, the WebAccess 
Agent does not start. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /help or /? --help /help or /? 
Example: load gwinter /help ./gwinter --help gwinter.exe /help 
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57.1.4 /home (Required) 


Specifies the path to the WebAccess Agent’s gateway directory under the domain directory. If you 
use the default WebAccess Agent gateway directory name, the path is 
x:\domain\wpgate\webac70a. This switch is required. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /home-[svA][vol:]\dir --home /dir /nome-[drive:]\dir 
/home-\\svAvoldir /home-\\svAsharename\dir 
Example: /home-\provo1 --home /gwsystem/provo1 /home-\provo1 
/home-mail:\provo1 /home-m:\provo1 
/home-server2\mail:\provo1 /home-\\server2\c\provo1 


/home-\\server2\mail\provo1 


57.1.5 /http 


If the WebAccess Agent’s Web console is disabled in ConsoleOne, this switch enables the Web 
console. See “Enabling the WebAccess Agent Web Console” on page 930. 


NetWare WebAccess Linux WebAccess Windows WebAccess 


Syntax: /http --http /http 


See also /httppassword, /httpport, and /httpuser. 


57.1.6 /httppassword 


Specifies the password that must be entered when logging in to the WebAccess Agent’s Web 
console. See “Enabling the WebAccess Agent Web Console” on page 930. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /httppassword- --httppassword /httppassword- 
unique_password unique_password unique_password 


Exampl  /httppassword-AgentWatch --httppassword AgentWatch  /httppassword-AgentWatch 
e: 


See also /http, /httpport, and /httpuser. 


57.1.7 /httpport 


Sets the HTTP port number used for the WebAccess Agent to communicate with your Web browser. 
The default is 7211; the setting must be unique. See “Using the WebAccess Agent Web Console” on 
page 929. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 


Syntax: Ihttpport-port number --httpport port number Ihttpport-port number 
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NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 


Example: — /httpport-7212 --httpport 7213 /httpport-7214 
See also /http, /httppassword, and /httpuser. 


57.1.8 /httpuser 


Specifies the username that must be entered when logging in to the WebAccess Agent’s Web 
console. See “Enabling the WebAccess Agent Web Console” on page 930. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /nttpuser-unique_name --httprefresh unique_name /httprefresh-unique_name 
Example: /httpuser-GWWebCon --httpuser GWWebCon /httpuser-GWWebCon 


See also /http, /httpport, and /httppassword. 


57.1.9 /ip 


Specifies the IP address of the WebAccess Agent’s server. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: — /ip-IP address --ip IP. address lip-IP. address 
lip-"full DNS name” --ip "full DNS name” lip-"full DNS name” 
Example: /ip-172.16.5.18 --ip 172.16.5.18 lip-172.16.5.18 
lip- --ip lip- 
*webacsvr.provo.novell.com *webacsvr.provo.novell.co *webacsvr.provo.novell.co 
» m” m” 


57.1.10 /log 


Specifies the path to the log file directory. The default location varies by platform. 


NetWare: domain\wpgate\webac70a\000.pre 
Linux: /var/log/novell/groupwise/domain.gateway/000.pre 
Windows: domain\wpgate\webac70a\000.pre 


For more information about the WebAccess Agent’s logging, see Section 56.4.1, “Controlling 
WebAccess Agent Logging,” on page 937. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: Nog-[svn][vol:]\dir --log /dir Nog-[drive:]\dir 
/log-\\svr\voldir /log-\\svAsharename\dir 
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NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 


Example:  /log-\agt\log --log /gwsystem/logs /log-\agt\log 
/log-\\server2\mail:\agt\log /log-m:\agt\log 
/log-\\server2\mail\agt\log /log-\\server2\c\mail\agt\log 


Log files are named mmdd. nnn, where mm is the month, dd is the day, and nnn is a sequenced 
number starting with 001. For example, the first log file used on March 28 is named 0328.001, 
and the second log file used is named 0328.002. 


See also /logdays, /logdiskon, /loglevel, and /logmax 


57.1.11 /logdays 


Specifies the maximum number of days to keep log files. This setting works in combination with the 
/logmax setting. Log files are deleted when the maximum number of days or disk space size is 
reached, whichever comes first. The default is 7 days. 


For more information about the WebAccess Agent’s logging, see Section 56.4.1, “Controlling 
WebAccess Agent Logging,” on page 937. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /logdays-days --logdays days /logdays-days 
Example:  /logdays-5 --logdays 10 /logdays-14 


See also /log, /logdiskon, /loglevel, and /logmax 


57.1.12 /logdiskon 


Turns disk logging on. By default, the log file is not written to disk on NetWare and Windows. On 
Linux, the log file is written to disk by default. 


For more information about the WebAccess Agent’s logging, see Section 56.4.1, “Controlling 


WebAccess Agent Logging,” on page 937. 


NetWare WebAccess 


Linux WebAccess Agent Windows WebAccess Agent 
Agent 


Syntax: /logdiskon --logdiskon llogdiskon 


See also /log, /logdays, /loglevel, and /logmax 


57.1.13 /loglevel 


Specifies the level of information to write to the screen and to disk. There are three levels: Normal, 
Verbose, and Diagnostic. The default level is Normal. You can use Verbose to receive more 
information. You should use Diagnostic only if you are having problems with the WebAccess 
Agent. The verbose and diagnostic logging levels do not degrade Internet Agent performance, but 
log files saved to disk consume more disk space when verbose or diagnostic logging is in use. 
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For more information about the logging levels, see Section 56.4.1, “Controlling WebAccess Agent 
Logging,” on page 937. 


ena MIEPAGERES Linux WebAccess Agent Windows WebAccess Agent 
Syntax: loglevel-level --loglevel level Moglevel-leve/ 
Example:  /loglevel-verbose --loglevel verbose /loglevel-verbose 


See also /log, /logdays, /logdiskon, and /logmax 


57.1.14 /logmax 


Specifies the maximum disk space to use for logging. This setting works in combination with the / 
logdays setting. Log files are deleted when the maximum disk space or number of days is reached, 
whichever comes first. The default is 65536 KB. 


For more information about the WebAccess Agent’s logging, see Section 56.4.1, “Controlling 
WebAccess Agent Logging,” on page 937. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: Mhogmax-kilobytes --logmax kilobytes fogmax-kilobytes 
Example:  /logmax-32000 --logmax 130000 /logmax-16000 


See also /log, /logdays, /logdiskon, and /loglevel 


57.1.15 /maxusers 


Specifies the maximum number of users that the WebAccess Agent allows to log in at one time. The 
default is 250. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 


Syntax: = /maxusers-number of users --maxusers number_of_users /maxusers-number_of_users 


Example: /maxusers-300 --maxusers 400 /maxusers-500 


57.1.16 /password 


Used by the NetWare WebAccess Agent only. Specifies the Novell eDirectory™ password to use to 
access the network servers where the GroupWise domain directory and post office directories reside. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /password-NetWare_password N/A N/A 
Example: /password-GWise N/A N/A 


See also /user. 
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57.1.17 /port-number 


Specifies the port number the WebAccess Agent listens to. The default is 7205. See Section 54.1.5, 
“Changing the WebAccess Agent’s Network Address or Port Numbers,” on page 877. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: Iport-port number --port port number /port-port number 
Example:  /port-1678 --port 1679 /port-1680 


See also /ip. 


57.1.18 --show 


Used by the Linux WebAccess Agent only. Running the WebAccess Agent with this option disabled 
(the default) causes the WebAccess Agent to run as a daemon without a user interface. Enabling this 
option causes the logging UI to appear in a terminal window. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 


Syntax: N/A --show N/A 


57.1.19 /threads-number 


Specifies the number of threads the WebAccess Agent uses to process user requests. The default is 
12, which means the WebAccess Agent can process 12 user requests at one time. For more 
information, see Section 54.1, “Configuring the WebAccess Agent,” on page 870. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /threads-number --threads number /threads-number 
Example:  /threads-15 --threads 20 /threads-30 


57.1.20 /user 


Used by the NetWare WebAccess Agent only. Specifies the eDirectory username to use to access the 
network servers where the GroupWise domain directory and post office directories reside. Must be 
used with /password. 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: luser-NetWare. user ID N/A N/A 
Example: /user-GWAgents N/A N/A 


See also /password. 
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57.1.21 /work 


Specifies the path to the WebAccess Agent’s work directory. By default, the work directory is the 
same as the WebAccess Agent’s gateway directory (x:\domain\wpgate\webac70a). 


NetWare WebAccess Agent Linux WebAccess Agent Windows WebAccess Agent 
Syntax: /work-[sva][vol:]\dir --work /dir /work-[drive:]\dir 
/work-\\svnvoldir /work-\\svAsharename\dir 
Example: /work-\webwork --work /webwork /work-\webwork 
/work-mail:webwork /work-m:\webwork 
/work-server2\mail:\webwork /work-\\server2\c\mail\webwork 


/work-\\server2\mail\webwork 


57.2 Document Viewer Agent Startup Switches 


The Viewer Agent is configured by editing its startup file (gwdva . dva). The default location for 
the startup files varies by platform. 


NetWare: sys:\system 
Linux: /opt/novell/groupwise/agents/share 
Windows: c:\webacc 


The table below summarizes Document Viewer Agent startup switches for all platforms and how 
they correspond to configuration settings in ConsoleOne. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent ConsoleOne Settings 
laddrspacename N/A N/A N/A 
/cache --cache /cache N/A 
/domain --domain /domain N/A 
/email --email /email N/A 
/hold --hold /hold N/A 
/http --http /http N/A 
/httpport --httpport Ihttpport N/A 
/httppw --httppw /nttppw N/A 
/httpuser --httpuser /nttpuser N/A 
lip --ip lip N/A 
Nang --lang Nang N/A 
/log --log log N/A 
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NetWare Viewer Agent 


Linux Viewer Agent 


Windows Viewer Agent 


ConsoleOne Settings 


logdays --logdays /logdays N/A 
loglevel --loglevel loglevel N/A 
/logmax --logmax /logmax N/A 
/maxcache --maxcache /maxcache N/A 
/maxhold --maxhold /maxhold N/A 
/maxprobtime --maxprobtime /maxprobtime N/A 
/maxsize --maxsize /maxsize N/A 
/maxtime --maxtime /maxtime N/A 
/maxtrancache --maxtrancache /maxtrancache N/A 
/maxtrantime --maxtrantime /maxtrantime N/A 
/maxworkers --maxworkers /maxworkers N/A 
/minworkers --minworkers /minworkers N/A 
/port --port /port N/A 
[relay --relay /relay N/A 
/temp --temp /temp N/A 


57.2.1 laddrspacename 


Runs each Document Viewer Agent worker thread in its own namespace. Specify the base name for 
the series of address space names that are created for the worker threads. The default base name is 
GWDVAWRKR, which results in address spaces named GWDVAWRKR1, GWDVAWRKR2, and 


so on. 
NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /addrspacename- N/A N/A 
address_space_name 
Example: /addrspacename-GWDVA N/A N/A 


See also /minworkers and /maxworkers. 


57.2.2 lcache 


Enables the documentation caching capability of the Viewer Agent. See Section 54.8.4, “Document 
Cache,” on page 911 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 


Syntax: /cache --cache /cache 
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See also /maxcache, /maxtrancache, /maxtrantime, and /maxprobtime. 


57.2.3 [domain 


Specifies the mail domain name for the Viewer Agent to use when sending e-mail notifications 
about quarantined documents. The Viewer Agent sends the notifications as 
gwdva@domain_name.This is necessary when you have configured the Viewer Agent to notify an 
administrator whenever a document is quarantined. See Section 54.8.3, “Document Quarantine,” on 
page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /domain-domain_name --domain domain_name /domain-domain_name 
Example: /domain-corporate.com --domain novell.com /domain-suse.com 


See also /hold, /maxhold, /email, and /relay. 


57.2.4 lemail 


Provides the e-mail address of a user that the Viewer Agent should notify when it places a document 
in quarantine. See Section 54.8.3, “Document Quarantine,” on page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /email-’e-mail_address” --email “e-mail address” lemail-”e-mail address” 
Exampl /email- --email lemail- 
e: ’admin@corporate.com” “jsmith(Dcorporate.com” *postmaster@corporate.com” 


See also /hold, /maxhold, /domain, and /relay. 


57.2.5 /hold 


Enables the document quarantine feature of the Viewer Agent, which is disabled by default. See 
Section 54.8.3, “Document Quarantine,” on page 911 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 


Syntax: /hold --hold /hold 


See also /maxhold, /email, /domain, and /relay. 


57.2.6 /http 


Enables the Viewer Agent Web console. See “Enabling the Document Viewer Agent Web Console” 
on page 935. 
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NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 


Syntax: /http --http /http 
See also /httpport, /httppw, and /httpuser. 


57.2.7 /httpport 


Sets the HTTP port number used for the Viewer Agent to communicate with the WebAccess Agent. 
The default is 7439; the setting must be unique. See “Enabling the Document Viewer Agent Web 
Console” on page 935. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /httpport-port_number --httpport port_number /httpport-port_number 
Example: — /httpport-7430 --httpport 7420 /httpport-7410 


See also /http, /httppw, and /httpuser. 


57.2.8 /httppw 


Specifies the password for the Viewer Agent to prompt for before allowing Viewer Agent status 
information to be displayed in your Web browser. Do not use an existing eDirectory password 
because the information passes over the non-secure connection between your Web browser and the 
Viewer Agent. See “Enabling the Document Viewer Agent Web Console” on page 935. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /httppassword- --httppassword /httppassword- 
unique_password unique_password unique_password 


Exampl — /httppassword-AgentWatch --httppassword AgentWatch /httppassword-AgentWatch 
e: 


See also /http, /httpport, and /httpuser. 


57.2.9 /httpuser 


Specifies the username for the Viewer Agent to prompt for before allowing Viewer Agent status 
information to be displayed in a Web browser. Providing a username is optional. Do not use an 
existing eDirectory username because the information passes over the insecure connection between 
your Web browser and the Viewer Agent. See “Enabling the Document Viewer Agent Web Console” 


on page 935. 

NetWare POA Linux POA Windows POA 
Syntax: /httpuser-unique_name --httprefresh unique_name /httprefresh-unique_name 
Example: /httpuser-GWWebCon --httpuser GWWebCon /httpuser-GWWebCon 
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See also /http, /httpport, and /httppw. 


57.2.10 /ip 


Specifies the IP address that the Viewer Agent listens on for client/server requests from the 
WebAccess Agent. The default is the first IP address that the Viewer Agent finds on the server. See 
Section 54.8.7, “Client/Server Configuration,” on page 912. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: lip-IP_address --ip IP address lip-IP. address 
Example: — /ip-172.16.5.18 --ip 172.16.5.18 lip-172.16.5.18 


See also /port. 


57.2.11 /lang 


Specifies the ISO language code that the Viewer Agent should use if it cannot determine the 
language of a document that needs conversion. The default is en for English. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /lang-/SO_code --lang /SO_ code /lang-/SO_code 
Example:  /lang-fr --lang de /lang-es 


57.2.12 /log 


Sets the directory where the Viewer Agent stores its log files. The default location varies by 
platform. 


NetWare: sys:\system\gwdva.dir\log 
Linux: /var/log/novell/groupwise/gwdva 


Windows: c:\webacc\gwdva.dir\log 


For more information, see Section 56.4.3, “Controlling Document Viewer Agent Logging,” on 
page 943. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /|og-[svn][vol:]\dir --log /dir Nog-[drive:]\dir 
Mog-MsvAvohdir log-\svñsharename\dir 
Example:  /log-\agtilog --log /gwsystem/logs /log-\agt\log 
/log-\\server2\mail:\agt\log /log-m:\agt\log 
/log-\\server2\mail\agt\log /log-\\server2\c\mail\agt\log 


Typically you find multiple log files in the specified directory. The first 4 characters represent the 
date. The next 3 characters identify the agent. A three-digit extension allows for multiple log files 
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created on the same day. For example, a log file named 0518dva.001 indicates that it is a Viewer 
Agent log file, created on May 18. If you restart the Viewer Agent by restarting the WebAccess 
Agent on the same day, a new log file is created, named 0518dva.002. 


See also /loglevel, /logdays, and /logmax. 


57.2.13 /logdays 


Specifies how many days to keep Viewer Agent log files on disk. The default is 7 days. See 
Section 56.4.3, “Controlling Document Viewer Agent Logging,” on page 943. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: llogdays-days --logdays days /logdays-days 
Example:  /logdays-5 --logdays 10 /logdays-14 


See also /log, /loglevel, and /logmax. 


57.2.14 /loglevel 


Controls the amount of information logged by the Viewer Agent. Valid settings are Normal, 
Verbose, Diagnostic, and Off. The default is Normal, which writes only the essential information 
suitable for a smoothly running Viewer Agent. Use Verbose to save the essential information, plus 
additional information helpful for troubleshooting. Verbose logging does not degrade Viewer Agent 
performance, but log files saved to disk consume more disk space when verbose logging is in use. 
See Section 56.4.3, “Controlling Document Viewer Agent Logging,” on page 943. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: loglevel-level --loglevel level Moglevel-leve/ 
Example:  /loglevel-verbose --loglevel verbose /loglevel-verbose 


See also /log, /logdays, and /logmax. 


57.2.15 /logmax 


Sets the maximum amount of disk space for all Viewer Agent log files. When the specified disk 
space is consumed, the Viewer Agent deletes existing log files, starting with the oldest. The default 
is 65536 KB. See Section 56.4.3, “Controlling Document Viewer Agent Logging,” on page 943. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: Nogmax-kilobytes --logmax kilobytes /logmax-kilobytes 
Example:  /logmax-3200 --logmax 130000 /logmax-1600 
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57.2.16 /maxcache 


Specifies in megabytes the maximum amount of disk space that the library cache can occupy. The 
default is 100. To clear out the contents of the library cache, set /maxcache to 0 (zero); this also 
disables the library cache in the future. See Section 54.8.4, “Document Cache,” on page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /maxcache-megabytes --maxcache megabytes /maxcache-megabytes 
Example: /maxcache-150 --maxcache 200 /maxcache-300 


See also /cache, /maxtrancache, /maxtrantime, and /maxprobtime. 


57.2.17 /maxhold 


Specifies in megabytes the maximum amount of disk space that the document quarantine can 
occupy. The default is 100. To clear out the contents of the quarantine, set /maxhold to 0 (zero); this 
also disables the quarantine in the future. See Section 54.8.3, “Document Quarantine,” on page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /maxhold-megabytes --maxhold megabytes /maxhold-megabytes 
Example: /maxhold-150 --maxhold 200 /maxhold-300 


See also /hold, /email, /domain, and /relay. 


57.2.18 /maxprobtime 


Specifies in days the maximum amount of time a document that cannot be converted remains on the 
list of problem documents. The default is 5. Section 54.8.4, “Document Cache,” on page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /maxprobtime-days --maxprobtime days /maxprobtime-days 
Example: /maxprobtime-3 --maxprobtime 7 /maxprobtime-10 


See also /cache, /maxcache, /maxtrancache, and /maxtrantime. 


57.2.19 /maxsize 


Specifies in kilobytes the maximum size to which a file can grow during the conversion process. 
The default is 1024. Section 54.8.5, “Agent Performance,” on page 912. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /maxsize-kilobytes --maxsize kilobytes /maxsize-kilobytes 
Example: /maxsize-2048 --maxsize 4096 /maxsize-3072 
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See also /maxtime. 


57.2.20 /maxtime 


Specifies in seconds the maximum amount of time a worker thread can work on a converting a 
single document. The default is 120 (2 minutes). Section 54.8.5, “Agent Performance,” on page 912. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /maxtime-seconds --maxtime seconds /maxtime-seconds 
Example: /maxtime-240 --maxtime 360 /maxtime-60 


See also /maxsize. 


57.2.21 /maxtrancache 


Specifies in megabytes the maximum amount of disk space that the transient cache can occupy. The 
default is 20. To clear out the contents of the transient cache, set /maxtrancache to 0 (zero); this also 
disables the transient cache in the future. See Section 54.8.4, “Document Cache,” on page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /maxtrancache-megabytes --maxtrancache megabytes /maxtrancache-megabytes 
Example: /maxtrancache-30 --maxtrancache 50 /maxtrancache-60 


See also /cache, /maxcache, /maxtrantime, and /maxprobtime. 


57.2.22 /maxtrantime 


Specifies in days the maximum amount of time a document remains in the transient cache. The 
default is 1. Section 54.8.4, “Document Cache,” on page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /maxtrantime-days --maxtrantime days /maxtrantime-days 
Example: /maxtrantime-2 --maxtrantime 3 /maxtrantime-5 


See also /cache, /maxcache, /maxtrancache, and /maxprobtime. 


57.2.23 /maxworkers 
Specifies the maximum number of worker threads that the Viewer Agent starts. The default is 15. 


The maximum number of threads is limited only by available memory resources on the server. 
Section 54.8.5, “Agent Performance,” on page 912. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 


Syntax: /maxworkers-number --maxworkers number /maxworkers-number 
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NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 


Example: /maxworkers-20 --maxworkers 40 /maxworkers-60 


See also /minworkers. 


57.2.24 /minworkers 


Specifies the minimum number of worker threads that the Viewer Agent starts. The default is 5. The 
maximum number of threads is limited only by available memory resources on the server. See 
Section 54.8.5, “Agent Performance,” on page 912. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /minworkers-number --minworkers number /minworkers-number 
Example:  /minworkers-10 --minworkers 20 /minworkers-30 


See also /maxworkers. 


57.2.25 /port 


Specifies the port number where the Viewer Agent listens for client/server requests from the 
WebAccess Agent. The default is 7440. Worker threads are assigned ascending port numbers from 
the primary port number. For example, the first 5 worker threads would be assigned ports 7441 
through 7445. See Section 54.8.7, “Client/Server Configuration,” on page 912. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: /port-port_number --port port_number /port-port_number 
Example:  /port-7450 --port 7460 /port-7470 


See also /ip. 


57.2.26 /relay 


Specifies the IP address of a relay host if your system includes one. This is necessary if you have 
configured the Viewer Agent to notify an administrator whenever a document is quarantined. See 
Section 54.8.3, “Document Quarantine,” on page 911. 


NetWare Viewer Agent Linux Viewer Agent Windows Viewer Agent 
Syntax: lrelay-IP. address --relay IP. address Irelay-IP. address 
Example:  /relay-172.16.5.18 --relay 172.16.5.19 lrelay-172.16.5.20 


See also /hold, /maxhold, /email, and /domain. 
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57.2.27 /temp 


Sets the path to the directory where the Viewer Agent creates its temporary files. The default varies 
by platform. See Section 54.8.2, “Document Conversion,” on page 910. 


NetWare: sys:\system\gwdva.dir\temp 
Linux: /opt/novell/groupwise/agents/bin/gwdva.dir/temp 
Windows: c:\webacc\gwdva.dir\temp 


NetWare Viewer Agent 


Syntax: /temp-[svaA][vol:]\dir 
/temp-\\svrvohdir 


Example: /temp-\dva\temp 
/temp-\\server2\mail:\dva/temp 
/temp-\\server2\mail\dva/temp 
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Linux Viewer Agent 


--temp /dir 


--temp /gwsystem/temp 


Windows Viewer Agent 


/temp-[drive:]\dir 
/temp-\\sv”Asharename\dir 
/temp-\dva\temp 


/temp-m:\dva\temp 
/temp-\\server2\c\mail\dva\temp 


Monitor XI | | 


+ Chapter 58, “Understanding the Monitor Agent Consoles,” on page 965 
+ Chapter 59, “Configuring the Monitor Agent,” on page 969 

+ Chapter 60, “Configuring the Monitor Application,” on page 991 

+ Chapter 61, “Using GroupWise Monitor,” on page 997 

+ Chapter 62, “Comparing the Monitor Consoles,” on page 1021 

+ Chapter 63, “Using Monitor Agent Switches,” on page 1023 


Monitor 963 


964 GroupWise 7 Administration Guide 


Understanding the Monitor Agent 58 
Consoles 


The Monitor Agent offers three consoles: 


+ Section 58.1, “Monitor Agent Server Console,” on page 965 
+ Section 58.2, “Monitor Agent Web Console,” on page 965 
+ Section 58.3, “Monitor Web Console,” on page 966 


For a comparison of the capabilities of the three consoles, see Chapter 62, “Comparing the Monitor 
Consoles,” on page 1021 


For detailed instructions about installing and starting the GroupWise® Monitor Agent for the first 
time, see “Installing GroupWise Monitor” in the GroupWise 7 Installation Guide. 


58.1 Monitor Agent Server Console 


The Monitor Agent server console is available for the Windows Monitor Agent but not for the Linux 
Monitor Agent. 


Figure 58-1 Monitor Agent Server Console 
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All agent configuration tasks can be performed at the Monitor Agent server console, but some 
reports are not available. 


58.2 Monitor Agent Web Console 


The Monitor Agent Web console is platform-independent and can be viewed at the following URL: 


http://web server address:8200 
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Figure 58-2 Monitor Agent Web Console 
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To create the Monitor Agent Web console display, your Web server communicates directly with the 
Monitor Agent to obtain agent status information. You must be behind your firewall to use the 
Monitor Agent Web console. Because the Linux Monitor Agent does not have a server console, you 


use the Monitor Agent Web console in its place on Linux. 


The Monitor Agent Web console is divided into the Agent Groups window on the left and the Agent 
Status window on the right. Using the Agents Groups window, you can create and manage agent 


groups the same as you can at the Monitor Agent server console. 


Several Monitor features are available at the Monitor Agent Web console that are not available at the 
Monitor Agent server console or the Monitor Web console. These are summarized in Chapter 62, 


“Comparing the Monitor Consoles,” on page 1021. 


58.3 Monitor Web Console 


The Monitor Web console is also platform-independent and can be viewed at the following URLs: 


NetWare or http://web server address/gw/gwmonitor 
Windows Web 
Server: 





Linux http://web server address/gwmon/gwmonitor 
Web Server: 


966 GroupWise 7 Administration Guide 


Figure 58-3 Monitor Web Console 
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To create the Monitor Web console display, your Web server communicates with the Monitor 
Application (a component of your Web server), which then communicates with the Monitor Agent 
to obtain agent status information. This enables the Monitor Web console to be available outside 
your firewall, while the Monitor Agent Web console can be used only inside your firewall. 


The Monitor Web console is divided into the Agent Groups window on the left and the Agent Status 
window on the right. Using the Agents Groups window, you can create and manage agent groups the 
same as you can at the Monitor Agent server console. 


The Monitor Web console does not include some features that are available at the Monitor Agent 
server console and the Monitor Agent Web console. These are summarized in Chapter 62, 
“Comparing the Monitor Consoles,” on page 1021. 
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Configuring the Monitor Agent 


For detailed instructions about installing and starting the Group Wise” Monitor Agent for the first 
time, see “Installing GroupWise Monitor” in the GroupWise 7 Installation Guide. 


The default configuration of the Group Wise Monitor Agent is adeguate to begin monitoring 
existing Group Wise agents (Post Office Agents, Message Transfer Agents, Internet Agents, and 
WebAccess Agents). You can also customize the configuration to meet your specific monitoring 
needs. 


On Windows, you configure the Monitor Agent at the Monitor Agent server console on the 
Windows server where the Monitor Agent is running. 


Figure 59-1 Monitor Agent Server Console on Windows 
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On Linux, similar functionality is available in your Web browser at the Monitor Agent Web console: 
http://localhost:8200. 


Figure 59-2 Monitor Agent Web Console on Linux 
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The following topics help you customize the Monitor Agent for your specific needs: 


+ Section 59.1, “Selecting Agents to Monitor,” on page 970 

+ Section 59.2, “Creating and Managing Agent Groups,” on page 973 

¢ Section 59.3, “Configuring Monitoring Protocols,” on page 975 

+ Section 59.4, “Configuring Polling of Monitored Agents,” on page 978 

+ Section 59.5, “Configuring E-Mail Notification for Agent Problems,” on page 979 

+ Section 59.6, “Configuring Audible Notification for Agent Problems,” on page 983 

+ Section 59.7, “Configuring SNMP Trap Notification for Agent Problems,” on page 984 


+ Section 59.8, “Configuring Authentication and Intruder Lockout for the Monitor Web 
Console,” on page 985 


+ Section 59.9, “Configuring Monitor Agent Log Settings,” on page 986 


+ Section 59.10, “Configuring Proxy Service Support for the Monitor Web Console,” on 
page 987 


+ Section 59.11, “Monitoring Messenger Agents,” on page 988 
+ Section 59.12, “Supporting the GroupWise High Availability Service on Linux,” on page 989 


59.1 Selecting Agents to Monitor 


By default, the Monitor Agent starts monitoring all GroupWise agents (Post Office Agents, Message 
Transfer Agents, Internet Agents, and WebAccess Agents) in your GroupWise system, based on the 
information from a domain database (wpdomain.db). You might not want to continue monitoring 
all agents. And under certain circumstances, you might want to monitor agents that are not part of 
your local GroupWise system. 


+ Section 59.1.1, “Filtering the Agent List,” on page 970 

+ Section 59.1.2, “Adding All Agents on a Server,” on page 971 
+ Section 59.1.3, “Adding All Agents on a Subnet,” on page 971 
+ Section 59.1.4, “Adding an Individual Agent,” on page 972 

+ Section 59.1.5, “Removing Added Agents,” on page 972 


59.1.1 Filtering the Agent List 


You can configure the Monitor Agent to stop and start monitoring selected agents as needed. 
At the Windows Monitor Agent server console: 
1 Click Configuration > Filter. 
or 


On Linux, at the Monitor Agent Web console, click Preferences > Filter. 
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The Filtered Out list displays all agents that are not currently being monitored. 


2 Select one or more agents in the Monitored list, then click Remove to move them to the Filtered 
Out list. 


3 Click OK. 


Agents in the Filtered Out list are not monitored and do not appear at the Monitor Agent server 
console or at the Monitor Agent Web console. To start monitoring a filtered-out agent, move it back 
to the Monitored list. 


59.1.2 Adding All Agents on a Server 


If you add a new server to your GroupWise system or want to monitor agents in a different 
Group Wise system, you can easily start monitoring all the agents running on that server. 


At the Windows Monitor Agent server console: 
1 Click Configuration > Add from Machine. 
Or 


On Linux, at the Monitor Agent Web console, click Preferences > Add Agents. 


x 
Enter the address of the new Agent 
Ades [— Cancel 
Port | | Help 





2 Type the IP address of the new server, then click OK. 


All GroupWise agents on the new server are added to the list of monitored agents. 


If the new server is part of your local GroupWise system, you can simply restart the Monitor Agent 
and it picks up all new agents in your system. 


59.1.3 Adding All Agents on a Subnet 


If you add several new servers to your GroupWise system or want to monitor agents in a different 
Group Wise system, you can easily start monitoring all the agents running on the same subnet. 


At the Windows Monitor Agent server console: 


1 Click Configuration > Add from Network. 
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or 


On Linux, at the Monitor Agent Web console, click Preferences > Add Agents. 


Add from Network x| 
Enter the subnet OK 


| O Cancel 


Help 





2 Type the subnet portion of the IP addresses of the new servers, then click OK. 


All GroupWise agents on the subnet are added to the list of monitored agents. 


If the new servers are part of your local GroupWise system, you can simply restart the Monitor 
Agent and it picks up all new agents in your system. 


59.1.4 Adding an Individual Agent 


You can start monitoring an individual agent anywhere in your GroupWise system or another 
Group Wise system. 


At the Windows Monitor Agent server console: 
1 Click Configuration > Add Agent. 
or 


On Linux, at the Monitor Agent Web console, click Preferences > Add Agents. 


x! 
Enter the address of the new Agent. 
Address Cancel 
Port [ Help 





2 Type the IP address of the server where the agent runs. 
3 Type the port number the agent listens on. 
4 Click OK. 


The agent is added to the list of monitored agents. 


59.1.5 Removing Added Agents 


To stop monitoring agents that you have manually added to the Monitor Agent’s configuration: 
At the Windows Monitor Agent server console: 
1 Click Configuration > Remove Agents. 
or 


On Linux, at the Monitor Agent Web console, click Preferences > Remove Agents. 
2 Select the agents you want to remove, then click Remove. 
3 Click OK. 
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59.2 Creating and Managing Agent Groups 


You might find it convenient to group related agents together for monitoring purposes. Initially, all 
agents are in a single group with the same name as your Group Wise system. 


Figure 59-3 Monitor Agent Console on Initial Startup 
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Agent groups are displayed on the left side of the Monitor Agent server console. When you select an 
agent group, the monitored agents in the group and their status information are listed on the right 
side of the Monitor Agent server console. 


Figure 59-4 Monitor Agent Console with Agent Groups Defined 
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You can create additional groups and subgroups as needed to make monitoring similar agents easier. 
You might want to create agent groups based on geographical areas, on administrative 
responsibilities, or on agent configuration similarities. The number of agents in the group is 
displayed to the right of the group name in the agent groups window. 


In addition, by creating agent groups, you can provide configuration settings for monitoring just 
once for all agents in each group, rather than having to provide them individually for each agent in 
your GroupWise system. 


+ 


Section 59.2.1, “Creating an Agent Group,” on page 974 


+ 


Section 59.2.2, “Managing Agent Groups,” on page 974 


+ 


Section 59.2.3, “Viewing Your Agent Group Hierarchy,” on page 974 


+ 


Section 59.2.4, “Configuring an Agent Group,” on page 975 
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NOTE: On Linux, you perform these tasks at the Monitor Agent Web console or Monitor Web 
console, using steps similar to those provided in this section 





59.2.1 Creating an Agent Group 


At the Windows Monitor Agent server console: 


1 Right-click the folder where you want to create the agent group, then click Create. 

2 Type a name for the group, then click OK to create a new folder for the agent group. 
The group name must be unique within its parent group. 

3 Click a folder containing agents that you want to add to the new group. 

4 Drag and drop agents into the new group as needed. 


5 Click the new group to view its contents. 


You can nest groups within groups as needed. 


59.2.2 Managing Agent Groups 


Managing agent groups is easy at the Monitor Agent server console: 
+ To rename an agent group, right-click the agent group, click Rename, type the new name, then 
press Enter. 
+ To move an agent group, drag and drop it to its new location. 


¢ To delete an agent group, right-click the agent group, then click Delete. A group must be empty 
before you can delete it. 


59.2.3 Viewing Your Agent Group Hierarchy 


When you create nested groups, you can choose how much of the hierarchy you want displayed at 
the Monitor Agent server console: 


+ You can open and close groups manually by clicking the plus and minus icons beside each 
folder. 
¢ To expand your entire group hierarchy, click View > Expand Tree. 
¢ To collapse your entire group hierarchy, click View > Collapse Tree. 
You can also decide whether you want to view just the agents in the currently selected group or the 
agents in subgroups as well. By default, only the agents in the selected folder are listed in the agent 


window. Right-click an agent group, then click Show Subgroup Agents to display the contents of 
nested groups along with the selected group. 
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Figure 59-5 Monitor Agent Server Console with Subgroup Agents Displayed 
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Numbers in brackets beside each group indicate the number of agents in the selected group and the 
total number displayed 


59.2.4 Configuring an Agent Group 


Configuration settings for monitoring can be set individually for each monitored agent, for each 
agent group, or for all monitored agents collectively. You can establish default configuration settings 
for all agents by setting them on the root agent group that is named the same as your GroupWise 
system. Those default settings can be inherited by each subgroup that you create thereafter if you 
select Apply Options to Subgroups. Those default settings can be overridden by establishing 
different settings for an agent group or for an individual agent if you deselect Use Parent Options. 


59.3 Configuring Monitoring Protocols 


By default, the Monitor Agent uses HTTP to communicate with the agents it monitors. If HTTP is 
not available, the Monitor Agent changes automatically to SNMP. 


Group Wise 7 agents, GroupWise 6.x agents and 6.x-level gateways, as well as the GroupWise agents 
provided with the GroupWise 5.5 Enhancement Pack, can be monitored using HTTP. Agents dating 
from GroupWise 5.5 and earlier, as well as 5.5-level GroupWise gateways, must be monitored using 
SNMP. 


+ Section 59.3.1, “Configuring the Monitor Agent for HTTP,” on page 975 
+ Section 59.3.2, “Configuring the Monitor Agent for SNMP,” on page 977 


59.3.1 Configuring the Monitor Agent for HTTP 


You can customize how the Monitor Agent communicates with your Web browser. 
At the Windows Monitor Agent server console: 
1 Click Configuration > HTTP. 
or 


At the Linux Monitor Agent Web console, click Preferences > Setup, then scroll down to the 
ATTP Settings section. 
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HTTP Configuration xi 
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2 Modify the HTTP settings as needed: 


HTTP Refresh: Specify the number of seconds after which the Monitor Agent sends updated 
information to the Monitor Web console. The default is 300 seconds (5 minutes). 


HTTP Port: Specify the port number for the Monitor Agent to listen on for requests for 
information from the Web console. The default port number is 8200. 


Open a New Window When Viewing Agents: Select this option to open a new Web browser 
window whenever you display an agent Web console. This enables you to view the Monitor 
Web console and an agent Web console at the same time, or to view two agent Web consoles at 
the same time for comparison. 


3 Click OK to put the new HTTP settings into effect. 
At the Windows Monitor Agent server console: 

4 Click Configuration > Poll Settings. 
or 


On Linux, at the Monitor Agent Web console, click Preferences > Setup, then scroll down to 
the HTTP Settings section. 





x 
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5 Fill in the following fields: 
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Poll Cycle: Specify the number of seconds after which the Monitor Agent polls all monitored 
Group Wise agents for updated information. 


By default, the Monitor Agent starts 20 threads to poll monitored agents. You can use the / 
pollthreads startup switch to adjust the number of threads. For more information, see 
Chapter 63, “Using Monitor Agent Switches,” on page 1023. 


By default, the Monitor Agent communicates with other Group Wise agents by way of XML. 
However, if XML is unavailable, the Monitor Agent automatically uses SNMP instead. Prior to 
the GroupWise 5.5 Enhancement Pack, GroupWise agents did not support XML, so the 
Monitor Agent must use SNMP to monitor these older agents. If you need to monitor older 
agents, see Section 59.3.2, “Configuring the Monitor Agent for SNMP,” on page 977. 


If all monitored agents in the group require the same username and password in order to 
communicate with the Monitor Agent, you can provide that information as part of the Monitor 
Agent’s configuration. 


HTTP User Name: Provide the username for the Monitor Agent to use when contacting 
monitored agents in the group for status information. 


HTTP Password: Provide the password, if any, associated with the username specified in the 
field above. 





NOTE: On Linux, at the Monitor Agent Web console, the HTTP User Name and HTTP 
Password fields are not available. However, you can use the --httpagentuser and -- 
httpagentpassword startup switches when you start the Monitor Agent to achieve the same 
functionality. For more information, see Chapter 63, “Using Monitor Agent Switches,” on 
page 1023. 





If the monitored agents use different usernames and passwords, you are prompted to supply 
them when the Monitor Agent needs to communicate with the monitored agents. 


6 Click Apply Options to Subgroups if you want subgroups to inherit these settings. 
7 Click OK to put the specified poll cycle into effect. 


59.3.2 Configuring the Monitor Agent for SNMP 


The Monitor Agent must use SNMP to communicate with Group Wise agents that date from earlier 
than the GroupWise 5.5 Enhancement Pack. You can customize how the Monitor Agent 
communicates with such older agents and how it communicates with SNMP monitoring and 
management programs. 


At the Windows Monitor Agent server console: 
1 Click Configuration > Polling. 
or 


On Linux, at the Monitor Agent Web console, click Preferences > Setup, then scroll down to 
the SNMP Settings section. 
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T Force polling through SNMP 








IT Apply options to subgroups 





2 Specify the number of seconds after which the Monitor Agent polls all monitored GroupWise 
agents for updated information using SNMP. 


3 Inthe SNMP box, modify the SNMP settings as needed: 


Time Out: Specify the number of seconds the Monitor Agent should wait for a response from 
servers where GroupWise agents run. 


Number of Retries: Specify how often the Monitor Agent should try to contact the servers 
where Group Wise agents run. 


SNMP Community Strings: Provide a comma-delimited list of community strings required to 
access the servers where GroupWise agents run. 


Force Polling through SNMP: Select this option to use SNMP polling instead of the default 
of XML polling when contacting servers where agents in the group run. 


4 Click Apply Options to Subgroups if you want subgroups to inherit these settings. 
5 Click OK to put the new SNMP settings into effect. 


6 Make sure the GroupWise agents you want to monitor using SNMP are enabled for SNMP. See 
Section 37.6.1, “Setting Up SNMP Services for the POA,” on page 541 and Section 42.6.1, 
“Setting Up SNMP Services for the MTA,” on page 668. The same instructions can be 
followed for all GroupWise 5.x, 6.x, and 7 agents. 


59.4 Configuring Polling of Monitored Agents 


By default, the Monitor Agent polls all monitored agents every five minutes. You can adjust the poll 
cycle as needed. 


At the Windows Monitor Agent server console: 
1 Select the root agent group to set the poll cycle default for all monitored agents. 
or 
Select any agent group to set the poll cycle for the agents in the selected group. 
or 


Select any agent to set the poll cycle for that individual agent. 
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2 Click Configuration > Poll Settings. 
or 


At the Linux Monitor Agent Web console, select one ore more agents, click Preferences > 
Setup, then scroll down to the HTTP Settings section. 





x 
PAUSE Parent Paling Option 
Poll Cycle m = seconds Cancel 
HTTP. Help 


HTTP User Name 
HTTP Password 


~ SNMP 


Time-out 30 i seconds 
Number of Retries |? = 


SNMP Community Stings pe 


Comma separated list of community strings 


T Force polling through SNMP 














IT Apply options to subgroups 





Unless you selected the root agent group, Use Parent Notification Options is selected and all 
options are dimmed. Deselect Use Parent Notification Options to set up e-mail notification for 
an agent group. 


3 Increase or decrease the poll cycle as needed, then click OK. 


59.5 Configuring E-Mail Notification for Agent 
Problems 


The Monitor Agent can notify you by e-mail when agent problems arise. 


+ Section 59.5.1, “Configuring E-Mail Notification,” on page 979 
+ Section 59.5.2, “Customizing Notification Thresholds,” on page 981 


59.5.1 Configuring E-Mail Notification 


You can configure the Monitor Agent to notify one or more users by e-mail if an agent goes down. 
You can also receive e-mail confirmation messages showing that the Monitor Agent itself is still 
running normally. 


At the Windows Monitor Agent server console: 
1 Select the root agent group to set up e-mail notification defaults for all monitored agents. 
or 
Select any agent group to set up e-mail notification for the agents in the selected group. 
or 


Select any agent to set up e-mail notification for that individual agent. 


2 Click Configuration > Notification. 


Configuring the Monitor Agent 979 


or 


On Linux, at the Monitor Agent Web console, select one or more agents, then click Preferences 
> Setup to display the Notify settings. 


x 
J" Use Parent Notification Optior 
Notification List 

Cancel 
Comma separated list of users to notify — 
Test Notify 


Mail Domain Name 
Relay Address 


T Send SNMP Traps 


Play Sound Sounds. | 


Notification Events 
IV Agent Down 


M Server Down 


Threshold Exceeded Thresholds 
Minimum threshold level for notification [Unknown = 


M State retums to Normal 


Repeat Notification After |15 a minutes 


T Periodic Monitor Confirmation 


Confirm [ 1 4 minutes 





T Apply options to subgroups 





Unless you selected the root agent group, Use Parent Notification Options is selected and all 
options are dimmed. Deselect Use Parent Notification Options to set up e-mail notification for 
an agent group or an individual agent. 


3 Specify one or more e-mail addresses or pager addresses to send notifications to. 
Specify the Internet domain name of your GroupWise system. 


5 Ifthe mail system to which e-mail notification is being sent performs reverse DNS lookups, 
specify the IP address or hostname of a server to relay the notification messages through. 


The Monitor Agent should relay e-mail notifications through a server that has a published DNS 
address. 


6 Click Test Notify to determine if the Monitor Agent can successfully send to the addresses 
specified in the Notification List field. 


A message informs you of the results of the test. If the test is successful, a test message arrives 
shortly at each address. If the test is unsuccessful, double-check the information you provided 
in the Notification List, Mail Domain Name, and Relay Address fields. 


7 Select the events to trigger e-mail notification messages. 
+ Agent down 
+ Server down 
¢ Threshold exceeded 
+ State returns to normal 


If you want to be notified of more specific states, see Section 59.5.2, “Customizing Notification 
Thresholds,” on page 981. 


8 Select the amount of time that you want to elapse before repeat e-mail notifications are sent. 
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9 To monitor the Monitor Agent and assure it is functioning normally, select Periodic Monitor 
Confirmation, then select the number of minutes between Monitor Agent e-mail confirmation 
messages. 


10 Click OK to save the e-mail notification settings. 


59.5.2 Customizing Notification Thresholds 


To refine the types of events that trigger e-mail notification messages, you can create your own 
thresholds that describe very specific states. Using thresholds, you can configure the Monitor Agent 
to notify you of problem situations peculiar to your GroupWise system. 


1 Make sure that notification has been properly set up as described in Section 59.5.1, 
“Configuring E-Mail Notification,” on page 979. 
2 Select one or more agents or agent groups. 
At the Windows Monitor Agent server console: 
3 Click Thresholds. 
Or 
On Linux, at the Monitor Agent Web console, click Preferences > Thresholds. 
[Group Thresholds - Corporate Mail pai 2x) 
MTA |POA | GWIA| WebAccess| DVA | Gateways | 


> Use Parent Threshold: 
| Expression | State | Severity | Apply to subgroups 





Delete Threshold 


Number of messages in admin queues. 


Expression |mta4DAGCount xl | z] alasid Mints anil 
State [Gita x Add Threshold 


I Apply threshold to subgroups 





D Overwrite all thresholds in subgroups 





Cancel Help 





The tabs at the top of the dialog box enable you to create a separate threshold for each type of 
Group Wise agent. 


4 Select the type of agent to create a threshold for. 
5 Inthe Expression field, select a MIB variable. 


GroupWise agent MIB files are located in the \agents\snmp directory of your GroupWise 
software distribution directory or GroupWise 7 Administrator CD. The MIB files list the 
meanings of the MIB variables and what type of values they represent. The meaning of the 
MIB variable selected in the Expression field is displayed above the field. 


6 Select an operator from the drop-down list. 
7 Type the value to test for. 


For example, you might want to test the mtaOldestQMsg variable for a specific number of 
seconds that you consider to be too long for a message to be in the queue. 
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8 In the State field, select an existing state. 


State 
Unknown 
Normal 
Informational 
Marginal 
Warning 
Minor 


Major 


GAIV6F O38 93 


Critical 


or 
Create a new state: 
8a At the Windows Monitor Agent server console, click Define State 

or 
On Linux, at the Monitor Agent Web console, click Preferences > States. 

8b Type a name for the new state. 

8c Select a severity level. 

8d Provide instructions about how to handle the new state. 


8e Click Close to save the new state. 
















State Severity 
@ Unknown Unknown No 
(7 Normal Normal No 
É Informational Informational No 





Marginal Marginal No 
D'waming Warning No Remove State 
Minor Minor No 
F Major Major No 
Tà Critin al Critinal Ma sl 
State Name: Severity 
| i y O unknown x] Add State | 


Suggestions to include with the notification for this state 





9 Click OK to create the new threshold. 


10 Repeat Step 3 through Step 9 for each type of agent that you want to create a customized state 
for. 


11 Make sure Threshold Exceeded is selected in the Notification Events box. 


12 Click OK to save the new notification settings. 
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59.6 Configuring Audible Notification for Agent 


Problems 


If the server where the Monitor Agent runs is located where someone can respond immediately to a 
Group Wise agent problem, you can configure the Monitor Agent to produce a different sound 


according to the nature of the problem. 





NOTE: Audible notification is not available on Linux. 





At the Windows Monitor Agent server console: 


1 Select the root agent group to set up audible notification defaults for all monitored agents. 


or 


Select any agent group to set up audible notification for the agents in the selected group. 


or 


Select any agent to set up audible notification for that individual agent. 


2 Click Configuration > Notification. 


Group Notification - Corporate Mail 


P | Use Parent Notification Optior 


Notification List 


Comma separated list of users to notify 


Mail Domain Name 
Relay Address 


T Send SNMP Traps 


IV Play Sound Sounds | 
Notification Events 
IV Agent Down 


M Server Down 
Threshold Exceeded 


Thresholds 
Minimum threshold level for notification [Unknown hd 


M State retums to Normal 


Repeat Notification After |15 a minutes 


T Periodic Monitor Confirmation 


Confirm [ 1 4 minutes 





T Apply options to subgroups 


x 


Cancel 
Test Notify 


Help 





Unless you selected the root agent group, Use Parent Notification Options is selected and all 
options are dimmed. Deselect Use Parent Notification Options to set up notification for an 


agent group or individual agent. 


3 Select Play Sound, then click Sounds. 
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Choose the WAY files that will play when the following events occur 
Server Down [CT Browse... Cancel 
Agent Down [ Browse... Help 
Server Up | Browse... 


Agent Up Browse... 
Threshold Exceeded Browse... 





4 For each event, browse to and select a sound file to provide audible notification for each type of 
event for the selected agent group. 


The Monitor Agent launches the default media player for whatever type of sound file you 
select. Basic sound files are available in the c: \windows\media directory. 


5 Click OK to return to the Notification dialog box. 


6 Select notification events and other notification settings as described in Section 59.5, 
“Configuring E-Mail Notification for Agent Problems,” on page 979. 


7 Click OK to save the audible notification settings. 


59.7 Configuring SNMP Trap Notification for 
Agent Problems 


The Monitor Agent can throw SNMP traps for use by the Management and Monitoring component 
of Novell® ZENworks® for Servers or any other SNMP management and monitoring program. 


At the Windows Monitor Agent server console: 
1 Select the root agent group to set up SNMP trap notification defaults for all monitored agents. 
or 
Select any agent group to set up SNMP trap notification for the agents in the selected group. 
or 


Select any agent to set up SNMP trap notification for that individual agent. 
2 Click Configuration > Notification. 
or 


On Linux, at the Monitor Agent Web console, select one or more agents, then click Preferences 
> Setup to display the Notify settings. 
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x 
[E Use Parent Notification Optior 
Notification List 

Cancel 


Comma separated list of users to notify REE 
est Notifiy 
Mail Domain Name 
Help 


Relay Address 


T Send SNMP Traps 


IV Play Sound Sounds 


Notification Events 
M Agent Down 





M Server Down 


IV Threshold Exceeded Thresholds 
Minimum threshold level for notification [Unknown E 


M State retums to Normal 


Repeat Notification After [15 a minutes 


T Periodic Monitor Confirmation 


Confirm 1 3 minutes 


T Apply options to subgroups 





Unless you selected the root agent group, Use Parent Notification Options is selected and all 
options are dimmed. Deselect Use Parent Notification Options to set up notification for an 
agent group or individual agent. 


3 Select Send SNMP Traps, then click OK. 


4 Make sure that the Monitor Agent is properly configured for SNMP, as described in 
Section 59.3.2, “Configuring the Monitor Agent for SNMP,” on page 977. 


59.8 Configuring Authentication and Intruder 
Lockout for the Monitor Web Console 


Accessing GroupWise agent status information from your Web browser is very convenient. 
However, you might want to limit access to that information. You can configure the Monitor Agent 
to request a username and password before allowing users to access the Monitor Web console. In 
addition, you can configure the Monitor Agent to detect break-in attempts in the form of repeated 
unsuccessful logins. 





NOTE: To limit access on Linux, use the --httpmonuser and --httpmonpassword startup switches 
when you start the Monitor Agent. For more information, see Chapter 63, “Using Monitor Agent 
Switches,” on page 1023 The intruder lockout functionality is not available on Linux. 





At the Windows Monitor Agent server console: 


1 Click Configuration > HTTP. 
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HTTP Configuration xi 


HTTP Status: 
HTTP Refresh ET =] seconds Cancel 

= | 
HTTP Port 8200 Ki Help 


T Open a new window when viewing agents 





-Authentication - = 
T Require authentication to browse GW Monitor 
User name La 
Password (EEGI 
Password Confirm La 
Intruder Lockout Count es 
Intruder Lockout Period FE #4 minutes 


Intruder Lockout Status Static 


Clear Lockout 











2 Inthe Authentication box, select Require Authentication to Browse GW Monitor. 
3 Fill in the fields: 


User Name: Provide a username for the Monitor Agent to prompt for when a user attempts to 
access the Monitor Web console. 


Password: Provide a password for the Monitor Agent to prompt for when a user attempts 
access. Repeat the password in the Password Confirm field. 


For optimum security for the Monitor Web console, use the /httpssl and /httpcertfile startup 
switches, along with a certificate file, when starting the Monitor Agent. For more information, 
see Chapter 63, “Using Monitor Agent Switches,” on page 1023. 


Intruder Lockout Count: Specify the number of failed attempts the Monitor Agent should 
allow before it stops prompting the potentially unauthorized user for a valid username and 
password. 


Intruder Lockout Period: Specify the number of minutes that must elapse before the user can 
again attempt to access the Monitor Web console. 


If a valid user gets locked out of the Monitor Web console, you can use Clear Lockout to grant 
access before the intruder lockout period has elapsed. 


4 Click OK to put the authentication settings into effect. 


59.9 Configuring Monitor Agent Log Settings 


The Monitor Agent writes to two different types of log files. 


+ Event log files record error messages, status messages, and other types of event-related 
messages. 


+ History log files record dumps of all MIB values gathered during each poll cycle. 


Log files can provide a wealth of information for resolving problems with Monitor Agent 
functioning or agent monitoring. 


At the Windows Monitor Agent server console: 
1 Click Log > Log Settings. 


or 
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On Linux, at the Monitor Agent Web console, click Log. 





x 
Log File Path [STE Browse... 
-Event Log Settings ——— } Cancel 


Maximum log file age: 7 Days Help 


Maximum log disk space: [5120 KBytes 





- History Log Settings — — — 
Maximum log file age: 7 Days 


Maximum log disk space: 15120 KBytes 











2 Fill in the fields: 


Log File Path: Specify the full path of the directory where the Monitor Agent writes its log 
files. 


The default log file location varies by platform. 


Linux: /var/log/novell/groupwise/gwmon 


Windows: c:\gwmon 


Maximum Event Log File Age: Specify the number of days you want Monitor Agent event 
log files to remain on disk before being automatically deleted. The default event log file age is 
7 days. 
Maximum Event Log Disk Space: Specify the maximum amount of disk space for all 
Monitor event log files. When the specified disk space is used, the Monitor Agent overwrites 
existing Monitor Agent event log files, starting with the oldest. The default is 1024 KB of disk 
space for all Monitor Agent event log files. 
Maximum History Log File Age: Specify the number of days you want Monitor Agent 
history log files to remain on disk before being automatically deleted. The default history log 
file age is 7 days. 
Maximum History Log Disk Space: Specify the maximum amount of disk space for all 
Monitor history log files. When the specified disk space is used, the Monitor Agent overwrites 
existing Monitor Agent history log files, starting with the oldest. The default is 1024 KB of 
disk space for all Monitor Agent history log files. 

3 Click OK to put the new log settings into effect. 

4 To view existing event logs, click View > View Log Files. 


5 To view existing history log files, click Log > View History Files. 


59.10 Configuring Proxy Service Support for the 
Monitor Web Console 


The Monitor Web console provides links to the agent Web consoles. Although you can access the 
Monitor Web console from outside your firewall, by default you cannot access the agent Web 
consoles from outside your firewall. To enable the Monitor Web console to display the agent Web 
consoles from outside your firewall, you need to enable the Monitor Agent to support proxy service. 


1 Ina text editor, open the Monitor Application configuration file (gwmonitor.cfg) 
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The default location of this file varies by platform. 


Linux: /opt/novell/groupwise/gwmonitor 


Windows: c:\novell\gwmonitor 


2 Locate the following line: 
Provider.GWMP.Agent.Http.level=basic 


3 Change it to: 
Provider.GWMP.Agent.Http.level=full 


The basic setting restricts use of the Monitor Web console to within a firewall, while the full 
setting allows use of the Web console both inside and outside a firewall. A third setting, none, 
disables use of the Web console. 


4 Save and exit the Monitor Application configuration file. 
5 Start the Monitor Agent with the /proxy startup switch. 


For information about startup switches, see Chapter 63, “Using Monitor Agent Switches,” on 
page 1023. 


Without proxy service support enabled, the Monitor Web console, after it gets a Group Wise agent’s 
address from the Monitor Agent, communicates directly with the GroupWise agent. This process, 
however, does not work when communicating through a firewall. 


With proxy service support enabled, all communication is routed through the Monitor Agent and 
Monitor Application (on the Web server). As long as the Web server can be accessed through the 
firewall, the Monitor Web console can receive information about all GroupWise agents that the 
Monitor Agent knows about. 


59.11 Monitoring Messenger Agents 


Monitor can be used to monitor Messenger agents as well as GroupWise agents. In fact, Monitor can 
be used independently to monitor Messenger Agents. If you start Monitor with no access to 
GroupWise system, you are prompted for the information Monitor needs in order to start monitoring 
Messenger agents. 


Figure 59-6 GroupWise Monitor Setup Dialog Box 





I x 
r GroupWise System 
(© GroupWise domain path |] Browse. 
= Cancel 
C MTA with HTTP enabled Hep | 
Address e 
Port 7100 


GroupWise Messenger System 


Novell Messenger system object Browse... 
Replica address 


(eg. XXK. KNK. HHN.) 





r Specify a username and password to access the directory 


User name Browse... 
Password 
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To make this information a permanent part of your independent Messenger system, follow the 
instructions in “Using GroupWise Monitor” in “Managing the Messaging Agent” in the Novell 
Messenger Administration Guide. 


If Monitor is already monitoring GroupWise agents, then it is easy to add Messenger agents. 
At the Windows Monitor Agent server console: 
1 Click Configuration > Add Novell Messenger System. 


Add Novell Messenger System xÍ 
Novell Messenger System Object Browse... 
Specify a username and password to access the directory — Cancel 
User Name Browse... | Help 
Password 


r Specify how to access the directory 








Use direct access 





Replica Address: 
(eg. XRX. HKR. KRK. RHR) 














2 Fill in the following fields in the GroupWise Monitor Startup dialog box or the Add Novell 
Messenger System dialog box: 


Novell Messenger System Object: Browse to and select the eDirectory™ container where you 
created the Messenger system. 


User Name: Browse to and select a User object that has sufficient rights to enable the Monitor 
Agent to access Messenger object properties in eDirectory. 


Password: Specify the network password associated with the User object. 
Replica Address: Specify the IP address of a server where an eDirectory replica is available. 


3 Click OK to add the Messenger Agent and the Archive Agent to the list of monitored agents. 





NOTE: On Linux, use the Preferences > Add Agents at the Monitor Agent Web console to add the 
individual Messenger agents to the list of monitored agents. For more information, see 
Section 59.1.4, “Adding an Individual Agent,” on page 972. 





59.12 Supporting the GroupWise High 
Availability Service on Linux 


The GroupWise High Availability service, described in “Enabling the High Availability Service for 
the Linux GroupWise Agents” in “Installing GroupWise Agents” in the GroupWise 7 Installation 
Guide, relies on the Monitor Agent to know when an agent has stopped and needs to be restarted. To 
enable communication between the Monitor Agent and the High Availability service, start the 
Monitor Agent with the --hauser and --hapassword startup switches, set to the username and 
password of the Linux user you set up to represent the High Availability service on your Linux 
server. You can also use the --hapoll startup switch to control how often the Monitor Agent contacts 
the High Availability service with agent status information. The default is every 2 minutes. 
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Configuring the Monitor 
Application 


During installation, the Group Wise? Monitor Application is set up with a default configuration. 
However, you can use the information in the following sections to optimize the Monitor Application 
configuration: 


+ 


+ 


+ 


+ 


Section 60.1, “Modifying Monitor Application Environment Settings,” on page 991 


Section 60.2, “Modifying Monitor Application Log Settings,” on page 992 


Section 60.3, “Adding or Removing Service Providers,” on page 994 


Section 60.4, “Modifying Monitor Application Template Settings,” on page 995 


60.1 Modifying Monitor Application Environment 
Settings 


Using ConsoleOne®, you can modify the Monitor Application’s environment settings. The 

environment settings determine such things as the location where ConsoleOne stores the Monitor 
Application’s configuration file and how long the Monitor Application maintains an open session 
with an inactive user. 


1 In ConsoleOne, use the Console View to browse to the Monitor Application object (named 


Group WiseMonitor). 


Novell ConsoleOne 
File Edit View Wizards Tools Help 


Hals|#e le 


2 ejala Peel) e 











B p * CORP_TREE 2] 
Ely GroupWise 

(E) QA Administration 
Œ Q Development 
Q Legal 
-AÀ Marketing 
#-@ Provo1 
#-@ Provoz 
8) Provo3 
m- Provo4 
QB Sales 
Q Support 

















H- waltham 
#-@ Waitham2 


Console View 


SJ MTA 
A GIA 
4) WEBAC70A 


fe GroupWiseMonitor 


{B GroupWiseWehAccess 

{B GroupWisevvebPublisher 

[E NovellSpeller 

a GroupWiseDocumentProvider 
a GroupWiseProvider 

83 LDAPProvider 

483 MonitorProvider 





14 items À 





(User: admin Docdev Novell 


Tree: CORP. TREE 





The Monitor Application object is not available in the Group Wise View. 


2 Right-click the Monitor Application object, then click Properties to display the Environment 


page. 
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Properties of GroupWiseMonitor 


Application + | NDS Rights + | Other | 
Environment | 





Configuration File: yJBD-Nvisys'Novelligwmonitorigwmonitor.cfa| 





Logout URL: 





Page Options... Cancel Apply 








3 Modify the fields as needed: 


Configuration File: The Monitor Application does not have access to Novell® eDirectory® or 
the GroupWise domain database (wodomain. db). Therefore, ConsoleOne writes the 
application’s configuration information to the file specified in this field. By default, this is the 
gwmonitor.cfg file located in the Monitor Application’s home directory. The location of 
this home directory varies by platform. 


Linux: /opt/novell/groupwise/gwmonitor 


Windows: novell\gwmonitor atthe root of the Web server 


In general, you should avoid changing the location of the file. 


IMPORTANT: On Linux, do not change the location of the gwmonitor.cfg file. 





Logout URL: By default, if users are required to log in to the Monitor Web console, they are 
returned to the login page when they log out. If desired, you can enter the URL for a different 
page. 

4 Click OK to save the changes. 


60.2 Modifying Monitor Application Log Settings 


The Monitor Application logs information to log files on disk. You can control the following 
logging features: 

+ The type of information to log 

+ How long to retain log files 

+ The maximum amount of disk space to use for log files 

+ Where to store log files 


The Monitor Application creates a new log file each day and each time it is restarted (as part of the 
Web server startup). The log file is named mmddmon . nnn, where mm is the month, dd is the year, 
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and nnn is a sequenced log file number (001 for the first log file of the day, 002 for the second, and 
so forth). 


To modify the log settings: 


1 In ConsoleOne, browse to and right-click the Monitor Application object (named 
Group WiseMonitor), then click Properties. 


2 Click Application > Log Settings. 


Properties of GroupWiseMonitor 


Application + | NDS Rights + | Other | 
Log Settings 





Log File Path: \WBD-NVVisys'Novelligymonitorlogs 


a 
Maximum Log File Age: 7 >i days 





Maximum Log Disk Space: 1024 = KBytes 





Logging Level: Normal 





Log Language: English 











Log Time Format: H:mm:ss 


Example:1 0:20:01 


Page Options... Cancel Apply 








3 Modify the log settings as needed: 


Log File Path: Specify the path to the directory where you want to store the log files. The 
default log file directory varies by platform. 


Linux: /var/log/novell/groupwise/gwmon 


Windows: novell\gwmonitor\logs directory at the root of the Web server 


Maximum Log File Age: Specify the number of days you want to retain the log files. The 
Monitor Application retains the log file for the specified number of days unless the maximum 
disk space for the log files is exceeded. The default age is 7 days. 


Maximum Log Disk Space: Specify the maximum amount of disk space you want to use for 
the log files. If the disk space limit is exceeded, the Monitor Application deletes log files, 
beginning with the oldest file, until the limit is no longer exceeded. The default disk space is 
1024 KB. 


Logging Level: There are four logging levels: None, Normal, Verbose, and Diagnostic. None 
turns logging off; Normal displays warnings and errors; Verbose displays Normal logging plus 
information messages and user requests; and Diagnostic displays all possible information. The 
default is Normal logging. Use Diagnostic only if you are troubleshooting a problem with 
Monitor. 


The verbose and diagnostic logging levels do not degrade Monitor Agent performance, but log 
files saved to disk consume more disk space when verbose or diagnostic logging is in use. 
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Log Language: Select the language in which you want information written to the log files. The 
list contains many languages, some of which the Monitor Application might not support. If you 
select an unsupported language, the information is written in English. 

Log Time Format: Choose from the following formats to use when the Monitor Application 
records dates and times in the log files: HH:mm:ss:SS, MM/dd: H:mmzss.SS, or dd/MM: 
H:mmz:ss.SS. H and HH represent hours, mm represents minutes, ss and SS represent seconds, 
MM represents months, and dd represents days. 


4. Click OK to save the log settings. 


60.3 Adding or Removing Service Providers 


The Monitor Application receives reguests from Monitor Web console users and then passes the 
reguests to the appropriate service provider. The service provider fills the reguests and returns the 
reguired information to the Monitor Application. The Monitor Application merges the information 
into the appropriate template and displays it to the user. 


To function properly, the Monitor Application must know which service providers are available. The 
Monitor service provider communicates with the Monitor Agent to fill Monitor Web console 
reguests. The Monitor service provider is installed and configured at the same time as the Monitor 
Application. 


You can disable the Monitor service by removing the Monitor service provider. If you've created 
new service providers to expose additional services through Group Wise Monitor, you must define 
those service providers so that the Monitor Application knows about them. 


To define service providers: 
1 In ConsoleOne, right-click the Monitor Application object (named Group WiseMonitor), then 
click Properties. 
2 Click Application > Services. 


The Provider List displays all service providers that the Monitor Application is configured to 
use. 


Properties of GroupWiseMonitor 


‘| NDS Rights + | Other | 


Provider List: 





MonitorProvider Provo2.GroupWise 








Page Options... Cancel Apply 
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3 Choose from the following options: 


Add: To add a service provider to the list, click Add, browse to and select the service provider’s 
object, then click OK. 


Edit: To edit a service provider’s information, select the provider in the list, then click Edit. 
Delete: To remove a service provider from the list, select the provider, then click Delete. 


4 Click OK to save the changes. 


60.4 Modifying Monitor Application Template 
Settings 


When the Monitor Application receives information from a service provider, it merges the 
information into the appropriate Monitor template before displaying the information to the Monitor 
Web console user. Using ConsoleOne, you can modify the Monitor Application’s template settings. 
The template settings determine such things as the location of the templates, the maximum amount 
of server memory to use for caching the templates, and the default template language. 


1 In ConsoleOne, browse to and right-click the Monitor Application object (named 
Group WiseMonitor), then click Properties. 
2 Click Application > Templates to display the Templates page. 


Properties of GroupWiseMonitor 


Application + | NDS Rights ~| Other | 
Templates: 


Locations 





Template Path: (WBD-NisysiTomcatiwebappsigwweb-inficlasses'cominovelligwmonitor'ttemplates | 





Java Package: |com.novell.gwmonitor templates 





Images URL: — J/gwicomihovelligwmonitorimages 





Applets URL: 





Help URL: Jgwicomnovelligwmonitor/help 





Caching 


IV Enable template caching 
" 
Cache Size: 1024 1 
User Interface 
Default Language: [English El 
Define User Interfaces 








Page Options... Cancel Apply 








3 Modify the fields as needed: 


Template Path: Select the location of the template base directory. The template base directory 
contains the subdirectories (simple, frames, hdml, and wm1) for each of the templates 
provided with GroupWise Monitor. If you create your own templates, you need to place the 
templates in a new subdirectory in the template base directory. The default installation 
directory varies by platform. 


Linux: /var/opt/novell/tomcat/webapps/gw/WEB-INF/classes/com/novell/ 
gwmonitor/templates 
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Windows: tomcat_dir\webapps\ROOT\web- 
inf\classes\com\novell\gwmonitor\templates 


Java Package: Specify the Java package that contains the template resources used by the 
Monitor Application. The default package is com.novell.gwmonitor.templates. 


Images URL: Specify the URL for the GroupWise Monitor image files. These images are 
merged into the templates along with the Group Wise information. This URL must be relative to 
the Web server’s document root directory. The default relative URL varies by platform. 


Linux: /gw/com/novell/gwmonitor/images 


Windows: com\novell\gwmonitor\images 


Applets URL: The Monitor Application does not currently use applets. 


Help URL: Specify the URL for the GroupWise Monitor Help files. The default installation 
directory is the com\novell\gwmonitor\help directory under the Web server’s 
document root directory. 


Enable Template Caching: To speed up access to the template files, the Monitor Application 
can cache the files in memory. Select this option to turn on template caching. 


Cache Size: Select the maximum amount of memory, in kilobytes, you want to use when 
caching the templates. The default cache size, 1024 KB, is sufficient to cache all templates 
shipped with GroupWise Monitor. If you modify or add templates, you can turn on Verbose 
logging on the Monitor Application object Log Settings page to view the size of the template 
files. Using this information, you can then change the cache size appropriately. 

Default Language: Select the language to use when displaying the initial Monitor Web 
console page. 

Define User Interfaces: GroupWise Monitor supports Web browsers on many different 
devices (for example, computers and wireless telephones). Each device supports specific 
content types such as HTML, HDML, and WML. When returning information to a device’s 
Web browser, the Monitor Application must merge the information into a set of templates to 
create an interface that supports the content type required by the Web browser. 

GroupWise Monitor ships with several predefined user interfaces. These interfaces support 
Web browsers that require HTML, HDML, and WML content types. Click the User Interface 
button to view, add, modify, or delete user interfaces. 


4 Click OK to save the new template settings. 
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For a review of the three Monitor Agent consoles, see Section 58, “Understanding the Monitor 
Agent Consoles,” on page 965. This section focuses on using the Windows Monitor Agent server 
console and the Monitor Agent Web console, although many of these tasks can be performed at the 
Monitor Web console as well. 


The GroupWise® Windows Monitor Agent server console displays Group Wise agent status on the 
server where the Monitor Agent runs. On Linux, similar information can be displayed at the Monitor 
Agent Web console. 

+ Section 61.1, “Using the Monitor Agent Server Console,” on page 997 

+ Section 61.2, “Using the Monitor Web Console,” on page 1001 

¢ Section 61.3, “Generating Reports,” on page 1002 

+ Section 61.4, “Measuring Agent Performance,” on page 1012 

+ Section 61.5, “Collecting Gateway Accounting Data,” on page 1015 

+ Section 61.6, “Assigning Responsibility for Specific Agents,” on page 1018 

+ Section 61.7, “Searching for Agents,” on page 1019 


61.1 Using the Monitor Agent Server Console 


Initially, the Windows Monitor Agent server console lists all monitored GroupWise agents, along 
with their statuses. 





NOTE: On Windows, agents and agent groups are displayed at the Monitor Agent server console. 
On Linux, agent groups are displayed only at the Monitor Web console. 





Figure 61-1 Windows Monitor Agent Console with the Monitored GroupWise Agents Displayed 





KKK | lolx 
Configuration View Actions Reports Log Help 
EET [0.12] [Status [ StatusDuration [Name [Type Up Time | Closed Links | Queued | Platform 
WY Normal Od0h53m Development. Provo1 POA 5d8h14m N/A N/A NetWare 
(7 Normal 0d0h53m Marketing.Provo3 POA, 3d10h17m N/A N/A Linux 
(7 Normal 0d0h53m Provol MTA 5d8h14m 2 NetWare 
(7 Normal 0d0h53m Provo1.GWlA GwWIA 5d8h10m N/A N/A NetWare 
(7 Normal 0d0h43m Provo2 MTA Od0h51m 1 Windows 
E Not Listening OdOhOm Provo2.GwiA, Gwlé — Unknown N/A N/A Windows 
W Normal 0d0h53m Provo3 MTA 3d10h17m 0 Linux 
W Normal Od0h53m Provo3.GWIA GWIA 3d10h17m N/A N/A Linux 
(7 Normal OdOh48m Sales.Provo2 POA OdOh51m N/A N/A Windows 
WV Normal Od0h53m WEBAC704.Provol WEB 5d8h3m N/A N/A NetWare 
[x] Not Listening OdOh53m 'WEBAC?04.Provo2 WEB... Unknown N/A N/A ? 
(7 Normal OdO0h53m WEBAC70A.Provo3 WEB 13d4h26m N/A N/A Linux 
‘ »| 





[Next Poll: 280 seconds [ |HTTP: 8200 agents: 12 





After you create agent groups, as described in Section 59.2, “Creating and Managing Agent 
Groups,” on page 973, the agents in each group are displayed when you select a group. 
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Figure 61-2 Windows Monitor Agent Console 


À GroupWise Monitor k 101 x 


Configuration View Actions Reports Log Help 


[Status [ StatusDuration [Name [Type Up Time | Closed Links Platform 


E Corporate Mail [0. 12] 





Gateways 0d0h55m Development. Provo1 Sd8h14m N/A Netware 
OdO0h55m Provol 5d8hi4m 2 NetWare 
0d0h55m Provo1.GWIA 5d8h10m N/A NetWare 
0d0h55m 'WEBAC?04.Provo1 5d8h9m N/A NetWare 











[Next Poll: 207 seconds HTTP: 8200 


You can display many types of monitoring information at the Windows Monitor Agent server 
console. 

¢ Section 61.1.1, “Viewing All Agents,” on page 998 

+ Section 61.1.2, “Viewing Problem Agents,” on page 998 


+ Section 61.1.3, “Viewing an Agent Server Console,” on page 999 


+ 


Section 61.1.4, “Viewing an Agent Web Console,” on page 1000 


+ 


Section 61.1.5, “Polling the Agents for Updated Status Information,” on page 1000 


61.1.1 Viewing All Agents 


After you have separated your agents into groups, you can still view all agents in your GroupWise 
system in a single list. 


Atthe Windows Monitor Agent server console: 


1 Right-click the root agent group, then click Show Agent Subgroups. 
lolx) 


Configuration View Actions Reports Log Help 


[Status | Status Duration [Name [Type [UpTime | Closed Links | Queued | Platform 
WV Normal 0d0h57m Development. Provol POA 5d8h14m N/A N/A NetWare 
(7 Normal 0d0h57m Marketing. Provo3 POA 3d10h17m N/A N/A Linux 

W Normal 0d0h57m Provol MTA 5d8h14m 2 NetWare 
(7 Normal 0d0h57m Provo1.GWlA GWIA 5d8h10m N/A N/A Netware 
WV Normal OdOh52m Provo2 MTA Od0h51m 1 Windows 
É Not Listening OdOh4m Provo2.Gwlé, GWIA Unknown N/A N/A Windows 
# Normal Od0h5?m Provo3 MTA 3d10h17m 0 Linux 

(7 Normal 0d0h57m Provo3.GWIA GWIA 3d10h17m N/A N/A Linux 

(7 Normal Od0h52m Sales.Provo2 POA OdOh5im N/A N/A Windows 
WY Normal 0d0h57m *WEBAC704.Provo1 WEB... 5d8h9m N/A N/A NetWare 
[x] Not Listening OdOh5?m WEBAC7O4.Provo2 WEB... Unknown N/A N/A ? 

(7 Normal 0d0h57m 'WEBAC704.Provo3 WEB 13d4h26m N/A N/A Linux 
























Gateways 
( Linux Agents [4] 
NetWare Agents [4] 
LE Windows Agents [4] 


el 








[Next Poll: 51 seconds [HTTP: 8200 Agents: 12 





You can use the Show Agent Subgroups feature on any group that contains nested subgroups. 


61.1.2 Viewing Problem Agents 


In a single agent group or in a group with subgroups shown, you can filter the list to show only those 
agents whose status is not Normal. 
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At the Windows Monitor Agent server console: 
1 Click View > Problem Agents. 
or 
On Linux, at the Monitor Agent Web console, click Problems. 


NA GroupWise Monitor E lol x) 


Configuration View Actions Reports Log Help 


[Status [ StatusDuration [Name [Type Up Time | Closed Links Platform 
[X) Not Listening OdOh1m Provo2.GwiA, GWIA Unknown N/A N/A ? 
[X) Not Listening OdOh1m 'WEBAC?04.Provo2 WEB... Unknown N/A N/A ? 





Gateways 
© Linux Agents [4] 
NetWare Agents [4] 
QE Windows Agents [4] 





[Next Poll: 236 seconds HTTP: 8200 Agents: 2 





Only problem agents are now displayed. If you leave the Monitor Agent with only problem 
agents displayed, many groups might appear empty because all agents have a status of Normal. 


2 To view all monitored agents again, click View > All Agents. 
or 


On Linux, at the Monitor Agent Web console, click System. 


61.1.3 Viewing an Agent Server Console 


An active agent server console displays on each server where a Group Wise agent is running. You 
can display a similar agent server console from the Windows Monitor Agent server console. 





NOTE: This feature is not available on Linux. 





1 Right-click an agent, then click Agent Console. 








Jahi 
File Configuration 
Provo2 Normal Up Time: 0 Days O Hrs 58 Mins 
Status Statistics - 
Total Closed Total 10 Minutes 
Domains 6 1 Routed 1 0 
Post Offices 1 0 Undeliverable 0 0 
Gateways 2 0 Errors 0 0 





Queue Watcher 





Provo3 4 Domain Closed 
Provo2 0 Domain Open 
GWIA 0 Gateway Open 
Sales 0 Post Office Open 
WEBAC7O4, 0 Gateway Open 
Provol 0 Domain Open 





You cannot control the agent from the Monitor Agent like you can at the actual agent server console, 
but you can gather status information about the monitored agent. 
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61.1.4 Viewing an Agent Web Console 


An agent Web console can be displayed anywhere you have access to a Web browser and the 
Internet. You can launch an agent Web console from the Windows Monitor Agent server console. 


1 Right-click an agent, then click Agent Web Console. 
or 


On Linux, at the Monitor Agent Web console, click the domain or post office link. 








Total 


1 
1 
a 
0 
0 
a 
0 
0 
a 
0 


C/S Users 

Application Connections 
Physical Connections 

IMAP Sessions 

CAP Sessions 

SOAP Sessions 

Priority Queues 

Normal Queues 

GWCheck Auto Queues 
GWCheck Scheduled Queues 





hread Status 





C/S Handler Threads 6 
Message Worker Threads 6 
GWCheck Worker Threads 4 
IMAP Threads 2 
CAP Threads 1 
SOAP Threads 1 

p 


Message Transfer Status ia) 


o00000 





Statistics 





C/S Requests 111 
C/S Requests Pending 0 


For information about the agent Web consoles, see the GroupWise agent documentation: 


+ Section 37.2, “Using the POA Web Console,” on page 530 

+ Section 42.2, “Using the MTA Web Console,” on page 657 

+ Section 49.2, “Using the Internet Agent Web Console,” on page 787 

+ Section 56.1.2, “Using the WebAccess Agent Web Console,” on page 929 


61.1.5 Polling the Agents for Updated Status Information 


By default, the Monitor Agent polls the monitored agents every five minutes. You can change the 
default poll cycle, as described in Section 59.4, “Configuring Polling of Monitored Agents,” on 
page 978. The time remaining until the next poll cycle is displayed in the lower left corner of the 
Monitor Agent server console. 


You can also manually poll monitored agents: 


¢ To poll all agents, click Action > Poll All Agents. 
¢ To poll a specific agent, right-click the agent, then click Poll Agent. 


¢ To stop polling a specific agent (for example, because the server it runs on is awaiting repairs), 
right-click the agent, then click Suspend Polling. You can specify a time interval for the agent 
to be suspended, after which polling resumes automatically. By suspending polling, you 
prevent repeat notifications for a problem that is already being addressed. 
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The suspended agent’s status is listed as Suspended, accompanied by the same icon used for the 
Unknown status (2). 


¢ To restart regular polling of an agent for which polling was suspended, right-click the agent, 
then click Resume Polling. 


61.2 Using the Monitor Web Console 


The Monitor Web console lists all GroupWise agents that the Monitor agent is polling for status 
information. Use the following URLs to access the Monitor Web console: 

Linux: http://network address/gwmon/gwmonitor 

Windows: https://network_address/gw/gwmonitor 

where network_address represents the IP address or hostname of the server where the Monitor 
Agent is running. 

Figure 61-3 GroupWise Monitor Web Console 


GroupWise. Monitor 


























































































































ola) & Novell, 
0 Corporate Mail Monitored agents for "Corporate Mail" group 
Total: 12 Displayed: 1 - 12 
Create Refresh Problem I Suspend || Resume I Move |[ Options ][ Thresholds |[ Help ] 
— B Name Status Status Duration Up Time Type Version Platform 
Delete F © Provo3 Normal 11418h48m 1d14h20m MTA 7.0 (07/21/2005) Linux 
Refresh C (8) Provo3.GWIA Normal 114 18h48m 1d14h20m GWiA 7.0 (07/21/2005) Linux 
te C @ Marketing.Provo3 Normal 11d18h48m 1d14h20m POA 7.0 (07/21/2005) Linux 
CO (9) WEBACTOA.Provo3 Normal 11d18h43m 11d8h29m WEBACC 7.0 (7/22/2005 Linux 
C (8 Provot Normal 8d23h5m 3d12h16m MTA 7.0 (7/12/2005 NetWare 
C (@) Development.Provo1 Normal 8d23h5m 3d12h16m POA 7.0 (7/12/2005 NetWare 
M @ Provo1.GWIA Normal 3d10h19m 3d12h12m GWis 7.0 (07-12-05) NetWare 
M (8) WEBACTOA.Provo1 Normal 8d21h40m 3d12h12m WEBACC 7.0.0 (7/12/2005) NetWare 
C © Provoz Normal 114 18h48m 11d20h7m = MTA 7.0 (7/12/2005 Windows 
m Provo2.GWIA Not Listening Od14h46m odohom GWIA 7.0 (07-12-05) Windows 
(m Sales.Provo2 Not Listening Od14h46m odohom POA 7.0 (7/12/2005 Windows 
M (@) WEBACTOA.Provo2 Normal 11d18h48 m 12d7h31m WEBACC 7.0 (7/12/2005 Windows 














Features of the Monitor Web console are available on buttons at the top of the Monitor page. 


Button Feature 


Problems 

Link Trace 

Link Configuration 
Global Options 


States 





AAE 


Search 
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Click an agent group in the left panel to display all monitored agents in the group. Click the Problem 
button to display only those agents whose status is other than Normal in the agent group. Click the 
Problems icon to display all agents in your GroupWise system whose status is other than Normal. 


Click the status of an agent in the Status column to display agent status details. 


Click an agent in the Name column to open its agent Web console. For information about the agent 
Web consoles, see Section 61.1.4, “Viewing an Agent Web Console,” on page 1000. 


Click Refresh to update the agent status information. To modify the default poll cycle, see 
Section 59.4, “Configuring Polling of Monitored Agents,” on page 978. 


To see what specific tasks can be performed at the Monitor Web console, see Chapter 62, 
“Comparing the Monitor Consoles,” on page 1021. 


61.3 Generating Reports 


You can generate reports on demand at the Monitor Agent consoles to help you manage message 
flow throughout your GroupWise system. 

+ Section 61.3.1, “Link Trace Report,” on page 1002 

¢ Section 61.3.2, “Link Configuration Report,” on page 1003 

+ Section 61.3.3, “Image Map Report,” on page 1004 

+ Section 61.3.4, “Environment Report,” on page 1009 

+ Section 61.3.5, “User Traffic Report,” on page 1009 

+ Section 61.3.6, “Link Traffic Report,” on page 1010 

¢ Section 61.3.7, “Message Tracking Report,” on page 1010 

+ Section 61.3.8, “Performance Tracking Report,” on page 1011 

+ Section 61.3.9, “Connected User Report,” on page 1011 

¢ Section 61.3.10, “Gateway Accounting Report,” on page 1011 

+ Section 61.3.11, “Trends Report,” on page 1011 

+ Section 61.3.12, “Down Time Report,” on page 1012 


61.3.1 Link Trace Report 


A link trace report enables you to follow the path a message would take between two GroupWise 
domains. A link trace report includes a list of all the domains through which a message would need 
to pass, along with their current status, link type, address, and number of messages currently queued 
in each domain. If any domain along the link path is closed, an error message is displayed. 


If a message fails to arrive at its destination, this report can help you pinpoint its current location, so 
you can resolve the problem and get messages flowing smoothly again. 


At the Windows Monitor Agent server console: 
1 Click Reports > Link Trace. 
or 


On Linux, at the Monitor Agent Web console, click Link Trace. 
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2 Select a starting domain and a target domain. 


3 If you want to trace the path back, which is the route status messages will take, select Trace 
Return Path. 


4 Click Trace. 


LAMM j= x! 
Starting Domain Target Domain 
Close 
Help 





T Trace Return Path 


[Status | Domain [ NewtLink | Link Type | Address | LinkStatus | 
1° Normal Provol Provo2 TCP/IP iboogaard-win Open 
WY Normal Provo2 Provod Mapped \\iboogaard-nw Open 





If any domain in the path is closed, an error message displays so you know where the problem 
is occurring. 


5 When you are finished tracing links, click Close. 


61.3.2 Link Configuration Report 


A link configuration report enables you to list the links from one or more Group Wise domains to all 
other domains in your GroupWise system. This helps you identify inefficient link paths, loops, and 
unreachable domains. All domains must be open to obtain an accurate link map of your GroupWise 
system. 


1 Make sure all domains in your GroupWise system are open. 


You cannot obtain an accurate link map of your GroupWise system if any domains are closed. 
For assistance with closed domains, see “Message Transfer Agent Problems” in GroupWise 7 
Troubleshooting 2: Solutions to Common Problems. 
At the Windows Monitor Agent server console: 
2 Click Reports > Link Configuration 
or 
On Linux, at the Monitor Agent Web console, click Link Configuration 
3 Select 477 Agents 
or 
Select a specific agent from the drop-down list. 
4 Click Run 
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Link Configuration [x] 


@ All Agents 


C SelectedAgent [Po ë x 








(7 Provo2 Provol Provo2, Provol 

W Provo2 Provo3 Provo2, Provo3 

W Provo2 Provo4 Provo2, Provo4 

WV Provol Provo2 Provol, Provo2 

W Provol Provo3 Provo1, Provo3 

(7 Provol Provo4 Provol, Provo2, Provod 
EJ Provo3 Provo2 Provo3 - Read Failed 
E Provo4 Provo2 Provo4 - Read Failed 





The list shows what domains a message would pass through to travel from the domain in the 
Source column to the domain in the Destination column. If a domain displays as closed, it 
means that the Monitor Agent could not contact the MTA for the domain or that a loop was 
detected in the link configuration. 


5 When you are finished checking links, click Close. 


61.3.3 Image Map Report 


An image map enables you to create a visual picture of your GroupWise system, whether it resides 
in a single office building or spans the globe. You provide the maps; Monitor provides the up-to-the- 
minute status information at a glance. 

+ “Making Maps Available in Monitor” on page 1004 

+ “Setting Up Maps” on page 1005 

+ “Setting Up Regions” on page 1006 

+ “Adding Agents to a Map” on page 1007 

+ “Using an Image Map to Monitor Agents” on page 1008 





NOTE: The image map report cannot be generated at the Windows Monitor Agent server console. 
You must use the Monitor Agent Web console. 





Making Maps Available in Monitor 
1 Obtain useful maps from the Internet or other location. 


You can use maps that vary in detail. For example, you could have one map the focuses on a 
particular corporate office building, another that shows offices throughout your country, and 
another that shows offices throughout the world. You can select from images in PNG and JPG 
format. 


2 Copy the maps you want to use into the maps subdirectory of the monwork directory. 


The default location of the monwork directory varies by platform. 


Linux: /tmp/gwmon/monwork\maps 


Windows: c:\gwmon\monwork\maps 
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You can change the location using the /monwork startup switch. For more information, see 
Chapter 63, “Using Monitor Agent Switches,” on page 1023 


3 Continue with Setting Up Maps. 
Setting Up Maps 
1 Inthe Monitor Agent Web console, click Map. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 





Initially, no maps are available in Monitor. 


2 Click New to display all the maps that are available in the maps directory. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Select map to use in image map 









au 
euoutl.pne earthtruecolor nasa big. jpg 


The filename of each map is displayed below it. 
3 Click the map that you want to set up, specify a custom name for the map, then click Create. 


Select an agent or map Provo3 =| Remove | Done 
Click on the map to place the agent Line color | Red x 
Ç > 


© 





This makes the map available for use in Monitor. 


4 To set up additional maps for use in Monitor, click Done to return to the Image Map Selection 
menu, then repeat Step 2 and Step 3 for each map that is available in the maps directory to 
make it available in Monitor. 


5 Ifyou want to make one or more smaller-scale maps available from a large-scale map, continue 
with “Setting Up Regions” on page 1006. 


or 
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If your maps are all independent from each other, skip to “Adding Agents to a Map” on 
page 1007. 


Setting Up Regions 


If some of your maps are subsets of other maps, you can set up a large-scale map so that it links to 
one or more smaller-scale maps. For example, a map of the world could have a region for each 


continent or country, or a map of a city or country could have a region for each office where 
GroupWise domains or post offices are located. 


1 Set up at least two maps in Monitor, as described in “Making Maps Available in Monitor” on 
page 1004. 


2 Inthe Monitor Agent Web console, click Map to display the maps that are available in Monitor. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 











View Edit Delete New 








Europe 


The custom name of each map is displayed below it. 

3 Click Edit, then click a large-scale map. 

4 Inthe drop-down list, scroll down through the agents, click the smaller-scale map that you want 
to define as a region, then click on the large-scale map to refresh the view. 


5 Click points on the map to surround the region. 





6 Click Done to define the region. 





NOTE: With a very wide map, you need to scroll horizontally to display the Done button. 





The region appears labeled on the large-scale map. 
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7 To define more regions on the large-scale map, click Done to return to the available maps, then 
repeat Step 3 through Step 6 for each region. 


or 


To place agents on a map, continue with Adding Agents to a Map. 


Adding Agents to a Map 


1 Inthe Monitor Agent Web console, click Map to display the maps that are available in Monitor. 





Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


View Edit Delete New 














Europe 


The custom name of each map is displayed below it. 
2 Click Edit, then click the map where you want to add agents. 


3 Select an agent in the drop-down list, then click the place on the map where that agent is 
located. 


The agent name appears in a blue box. 


4 Select additional agents and locations as needed. 
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Select an agent or map Sales.Provo2 v| Remove | Done 
Click on the map to place the agent Line color: | Red x 





5 Inthe Line Color drop-down list, select the color to use to show links between locations. 


Make sure you select a color that shows up well on the particular map. Lines display on the 
map only when links between locations are down. 


6 Click Done when the map includes all the needed GroupWise agents in their respective 
locations. 


7 Continue with Using an Image Map to Monitor Agents 


Using an Image Map to Monitor Agents 


1 Inthe Monitor Agent Web console, click Map > View. 
2 Click a map to view agent status. 
or 


If the map has regions, click a region to display the map that has agent status for that region. 





At this point, the Monitor Agent checks the status of each agent on the map. Any agent that is 
down or that has a status of Major, Critical, or Warning displays in red on the map. Agents with 
a lower status do not display on the map. Ifa link between agents is down, a line displays 
between the agents. 
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61.3.4 Environment Report 


An environment report lists all monitored agents, along with each agent’s location, version, IP 
address, port number, and operating system information. For NetWare® agents, the server name, 
CLIB version, TCP/IP version, Novell eDirectory™ version, and the number of packet receive 
buffers are also listed. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Reports > Environment. 


Environment Report i xj 
[Eoen Name [Agent Type [Agent Version [Agen Adios: | Agent Pon | ServerName | OSveson | 


Development Pro... POA 7.0 (7/12/2007) — 173.15.4.13 1677 PRY-GW Novell NetWare .. 
Send | 





Marketing. Provo3 POA 7.0 (07/21/2007) = 173.15.4.15 1677 Linux 

Provol MTA 7.0 (7/12/2007) 173.15.4.13 7100 PRV-GW Novell NetWare... 

Provo1.GWIA GWIA 7.0 (07-12-07) 173.15.4.13 9850 PRV-GW Novell NetWare .. Save | 
Provo2 MTA 7.0 (7/27/2007) 173.15.4.16 7100 Windows NT (T. 

Provo2. GWIA GWIA 173.15.4.16 9850 Help | 
Provo3 MTA 7.0 (07/21/2007) 173.15.4.15 7100 Linux 

Provo3.GWIA GWIA 7.0 (07/21/2007) 173.15.4.15 9850 Linux Release 2... 

Sales. Provo2 POA 7.0 (7/27/2007) 173.15.4.16 1677 Windows NT (T. 

WEBAC7O4 Prov... WEBACC 7.0.0 (7/12/2007) 173.15.4.13 7211 Novell NetWare 

WEBAC7O4 Prov... WEBACC 173.15.4.16 7211 

WEBAC7OA.Prov... WEBACC 7.0 (7/22/2007) 173,15.4.15 721 Linux Release 2... 





2 Scroll through the displayed information for your own use. 
or 


Click Send, type your e-mail address, type one or more e-mail addresses to send the 
environment report to, then click Send. 


3 Click OK to close the Environment Report dialog box. 


61.3.5 User Traffic Report 


A user traffic report enables you to determine how many messages a user has sent outside his or her 
post office. The user traffic report lists all messages sent by a specified user during a specified date/ 
time range, along with date, time, and size information for each message. You can also generate a 
user traffic report for all users whose messages pass through a selected domain. 


In order for the information to be available to generate a user traffic report, you must configure the 
MTA to perform message logging. See Section 41.4.2, “Enabling MTA Message Logging,” on 
page 643. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Reports > User Traffic. 
2 Select the user’s domain or the domain you want to generate a user traffic report for. 
3 Type the GroupWise user ID that you want to create a report for. 

or 


Leave the field blank to create a report for all users whose messages pass through the selected 
domain. 


4 If you want to restrict the report to a particular time interval, specify start and end dates and 
times. 


5 Click Run. 
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6 After the results are displayed, click Save, provide a filename for the report, select the format 
for the report, then click OK. 
Reports can be saved in comma-separated or tab-separated format to meet the needs of the 
program you plan to use to display and print the report. For example, you could bring the data 
into a spreadsheet program. If needed, you can include column headings to create an initial line 
in the output file that labels the contents of each column. 


7 When you are finished generating user traffic reports, click Close. 


61.3.6 Link Traffic Report 


A link traffic report enables you to determine how many messages are passing from a selected 
GroupWise domain across a specified link. The link traffic report lists the total number and total size 
of all messages passing through the link during each hour or half hour of operation. 


In order for the information to be available to generate a link traffic report, you must configure the 
MTA to perform message logging. See Section 41.4.2, “Enabling MTA Message Logging,” on 
page 643. 


At the Windows Monitor Agent server console or Monitor Agent Web console: 


1 Click Reports > Link Traffic. 
2 Select the source domain of the link. 


The list includes all domains that the Monitor Agent uses XML to communicate with. If the 
Monitor Agent must use SNMP to communicate with a domain, that domain is not included in 
the list. 


3 Select the other end of the link, which could be another domain, a post office, or a gateway. 


4 If you want to restrict the report to a particular time interval, specify start and end dates and 
times. 


5 Click Run. 


6 After the results are displayed, click Save, provide a filename for the report, select the format 
for the report, then click OK. 


Reports can be saved in comma-separated or tab-separated format to meet the needs of the 
program you plan to use to display and print the report. For example, you could bring the data 
into a spreadsheet program. If needed, you can include column headings to create an initial line 
in the output file that labels the contents of each column. 


7 When you are finished generating link traffic reports, click Close. 


61.3.7 Message Tracking Report 


A message tracking report enables you to track an individual message through your GroupWise 
system. The message tracking report provides information about when a message was sent, what 
queues the message has passed through, and how long it spent in each message queue. If the 
message has not been delivered, the message tracking report shows where it is. 


In order for the information to be available to generate a message tracking report, you must 
configure the MTAs in your GroupWise system to perform message logging. See Section 41.4.2, 
“Enabling MTA Message Logging,” on page 643. 
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In addition, you need to determine the message ID of the message. Have the sender check the Sent 
Item Properties of the message in the GroupWise client. The Mail Envelope Properties field displays 
the message ID of the message; for example, 3ADSEDEB.31D : 3 : 12763. 


At the Windows Monitor Agent server console or Monitor Agent Web console: 


1 Click Reports > Message Tracking. 
2 Type the message ID of the message to track. 


You can obtain the message file ID in the GroupWise client. Open the Sent Items folder, right- 
click the message, click Properties, then check the Mail Envelope Properties field for the 
message file ID; for example, 3A75BAB9.FF1 : 8 : 31642. 


3 Select the domain where you want to start tracking. 
4 Click Track. 


5 When you are finished generating message tracking reports, click Close. 


61.3.8 Performance Tracking Report 


Before you can run a performance tracking report, you must configure the Monitor Agent for 
performance tracking. See Section 61.4, “Measuring Agent Performance,” on page 1012. 


61.3.9 Connected User Report 


The Connected Users report lists all users that are currently connected to POAs throughout your 
Group Wise system. It lists username; client version, date, and platform; login time; and the IP 
address of the client user. 


At the Monitor Agent Web console: 


1 Click Reports > Connected Users. 





NOTE: The Connected Users report cannot be generated at the Windows Monitor Agent 
server console or the Monitor Web console. 





61.3.10 Gateway Accounting Report 


Before you can run a gateway accounting report, you must configure the Monitor Agent to collect 
gateway accounting data. See Section 61.5, “Collecting Gateway Accounting Data,” on page 1015. 


61.3.11 Trends Report 


The Trends report presents graphs of agent MIB variables as sampled over time. 
In the Monitor Agent Web console: 


1 Click Reports > Trends. 





NOTE: The Trends report cannot be generated at the Windows Monitor Agent server console. 





2 Click the type of agent for which you want to set up a Trend report. 


3 Specify a unique name for the Trend report. 
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4 Select the MIB variables that you want to collect values for over time, then click Add Trend. 
The Trend report appears in the Agent Trends list. 
5 Click the Trend report to view the graphs. 


61.3.12 Down Time Report 


The Down Time report graphically illustrates how much time each GroupWise agent has been down 
during the day. 


In the Monitor Agent Web console: 


1 Click Reports > Down Time. 





NOTE: The Down Time report cannot be generated at the Windows Monitor Agent server 
console. 





61.4 Measuring Agent Performance 


To test the performance of the agents in your GroupWise system, you can send performance test 
messages from a specially configured Monitor domain to target domains anywhere in your 
GroupWise system. The Monitor Agent measures the amount of time it takes for replies to return 
from the target domains, which lets you ascertain the speed at which messages flow through your 
Group Wise system. 


Perform the following steps to set up agent performance testing: 


+ Section 61.4.1, “Setting Up an External Monitor Domain,” on page 1012 
+ Section 61.4.2, “Selecting an MTA to Communicate with the Monitor Agent,” on page 1013 


+ Section 61.4.3, “Configuring the Monitor Agent for Agent Performance Testing,” on 
page 1014 


+ Section 61.4.4, “Viewing Agent Performance Data,” on page 1014 
+ Section 61.4.5, “Viewing an Agent Performance Report,” on page 1015 


+ Section 61.4.6, “Receiving Notification of Agent Performance Problems,” on page 1015 


61.4.1 Setting Up an External Monitor Domain 


Before you can use the Group Wise Performance Testing dialog box to configure and enable 
GroupWise performance testing, you must create a specially configured Monitor domain and select 
an MTA to receive performance test messages from the Monitor Agent. The Monitor Agent uses an 
external GroupWise domain as part of measuring performance. 


In ConsoleOne: 
1 Create an external GroupWise domain. 


For information about external GroupWise domains, see “Creating an External Domain” in 
“Connecting to GroupWise 5.x, 6.x, and 7.x Systems” in the GroupWise 7 Multi-System 
Administration Guide. By creating an external domain, you enable the Monitor Agent to 
approximate the round-trip time for e-mail messages to travel to recipients and for status 
messages to travel back to senders. If you are going to set up gateway accounting reports, as 
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described in Section 61.5, “Collecting Gateway Accounting Data,” on page 1015, you can use 
this same external domain for collecting accounting data. 


Create External GroupWise Domain 


Domain name: 





Domain Database Location (optional): 





Time Zone: 
(GMT-07:00) Mountain Time (US & Canada) 





Version: 
7 





Link To Domain: 











Provo1 


| Create another domain 





2 Name the external domain to reflect its role in your Group Wise system. 


For example, you could name it ExternalMonitorDomain. It does not matter which domain you 
link the external domain to. 


3 Continue with Section 61.4.2, “Selecting an MTA to Communicate with the Monitor Agent,” 
on page 1013. 


61.4.2 Selecting an MTA to Communicate with the Monitor 
Agent 
The Monitor Agent needs to send its performance testing messages to a specific MTA in your 


GroupWise system. It does not matter which MTA you decide to use. It could be the MTA for the 
domain to which the external Monitor domain is linked. 


In the Link Configuration Tool in ConsoleOne (Tools > GroupWise Utilities > Link Configuration): 


1 Configure the outbound link from the selected MTA to the external Monitor domain to be a 
TCP/IP link. 


Edit Domain Link 


Description: How Provo1 connects to GW Performance Tester OK 
Link Type: Direct Zi 





Cancel 


Settings 
Help 
Protocol: TCPAP x 


IP Address: | 2 Scheduling... 





I Override 


Maximum send message size: 0 4 MBytes 





Delay message size: 0 4 MBytes 


H External Link Info... 








2 Click the pencil icon to provide the IP address of the server where the Monitor Agent runs. 
3 Specify a unigue port number for the MTA to use to communicate with the Monitor Agent. 
4 Click OK twice to finish modifying the link. 

5 Exit the Link Configuration Tool to save the new link configuration information. 


6 Continue with Section 61.4.3, “Configuring the Monitor Agent for Agent Performance 
Testing,” on page 1014. 
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61.4.3 Configuring the Monitor Agent for Agent Performance 
Testing 


After you have created an external Monitor domain and configured a link from it to an MTA, you are 
ready to configure the Monitor Agent for performance testing. 


At the Windows Monitor Agent server console: 
1 Click Configuration > Performance Testing. 
or 


On Linux, at the Monitor Agent Web console, click Preferences > Setup, then scroll down to 
the Performance Testing section. 


x 
Domain to send messages to CE 
Send performance messages every E a minutes Cancel 
J” Enable GroupWise Performance Testing Help 


Send performance messages to- 
C AllAgents 
@ Monitored Agents 








2 Fill in the fields: 


Domain Name for GroupWise Monitor: Select the external Monitor domain that you 
configured for system performance testing. 


You might need to restart the Monitor Agent in order to see the new Monitor domain in the 
drop-down list. 


Send Performance Messages Every: Specify in minutes the time interval for the Monitor 
Agent to send performance test messages. 


Enable GroupWise Performance Testing: Select this option to turn on performance testing. 
Deselect this option when you have finished your performance testing. 


Send Performance Messages To: Select A// Agents to send performance test messages to all 
domains in your GroupWise system. Select Filtered Agents to send performance test messages 
only to the agents currently listed at the Monitor Agent console. 


3 Click OK to put the performance testing settings into effect. 
4 Continue with Section 61.4.4, “Viewing Agent Performance Data,” on page 1014. 
or 


Continue with Section 61.4.6, “Receiving Notification of Agent Performance Problems,” on 
page 1015. 


61.4.4 Viewing Agent Performance Data 


The information gathered by the Monitor Agent through performance test messages is recorded in 
the Monitor history log. 


At the Windows Monitor Agent server console or Monitor Agent Web console: 


1 Click Log > View History Files. 
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2 Select a history log file > click View. 


61.4.5 Viewing an Agent Performance Report 


A performance testing report enables you to measure how long it takes messages to travel through 
your GroupWise system. The performance testing report lists each domain that a performance test 
message was sent to, when it was sent by the Monitor Agent, and the number of seconds between 

when it was sent and when the Monitor Agent received a response from the tested agent. 


At the Windows Monitor Agent server console or Monitor Agent Web console: 


1 Click Reports > Performance Testing. 


2 Select AlI Domains to generate a performance testing report for all domains in your Group Wise 
system. 


or 
Select one domain to generate a performance testing report for it. 


3 Click Run to generate the performance testing report. 


61.4.6 Receiving Notification of Agent Performance Problems 


If you want the Monitor Agent to notify you if system performance drops to an unacceptable level, 
you can create a threshold to check the mtaLastResponseTime and mtaAvgResponseTime MIB 
variables. The average response time is a daily average that is reset at midnight. See Section 59.5.2, 
“Customizing Notification Thresholds,” on page 981 for setup instructions. 


61.5 Collecting Gateway Accounting Data 


To gather gateway accounting data for a gateway, you set up a specially configured Monitor domain. 
The Monitor Agent then measures the traffic that passes through the gateway. 


Perform the following steps to set up gateway accounting: 


+ Section 61.5.1, “Setting Up an External Monitor Domain,” on page 1015 
+ Section 61.5.2, “Selecting an MTA to Communicate with the Monitor Agent,” on page 1016 


+ Section 61.5.3, “Setting Up an External Post Office and External User for Monitor,” on 
page 1017 


+ Section 61.5.4, “Receiving the Accounting Files,” on page 1017 
+ Section 61.5.5, “Viewing the Gateway Accounting Report,” on page 1018 


61.5.1 Setting Up an External Monitor Domain 


Before you can run a gateway accounting report, you must create a specially configured Monitor 
domain and select an MTA to transfer accounting data to and from the Monitor Agent. The Monitor 
Agent uses an external GroupWise domain as part of this process. 


In ConsoleOne®: 


1 Create an external GroupWise domain. 
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For information about external GroupWise domains, see “Creating an External Domain” in 
“Connecting to GroupWise 5.x, 6.x, and 7.x Systems” in the GroupWise 7 Multi-System 
Administration Guide. If you are going to set up agent performance reports, as described in 
Section 61.4, “Measuring Agent Performance,” on page 1012, you can use this same external 
domain for collecting agent performance data. 


KE Create External GroupWise Domain 


Domain name: 





Domain Database Location (optional): 








Time Zone: 
(GMT-07:00) Mountain Time (US 8 Canada) 





Version: 
z 
Link To Domain: 
Provo1 











| Create another domain 





2 Name the external domain to reflect its role in your Group Wise system. 


For example, you could name it ExternalMonitorDomain. It does not matter which domain you 
link the external domain to. 


3 Continue with Section 61.4.2, “Selecting an MTA to Communicate with the Monitor Agent,” 
on page 1013. 


61.5.2 Selecting an MTA to Communicate with the Monitor 
Agent 
The Monitor Agent needs to receive its gateway accounting messages from a specific MTA in your 


GroupWise system. It does not matter which MTA you decide to use. It could be the MTA for the 
domain to which the external Monitor domain is linked. 


In the Link Configuration Tool in ConsoleOne (Tools > GroupWise Utilities > Link Configuration): 


1 Configure the outbound link from the selected MTA to the external Monitor domain to be a 
TCP/IP link. 


Edit Domain Link 


Description: How Provo1 connects to GW Performance Tester 


Link Type: Direct El 





Cancel 


Settings 
Protocol: TCPAP x 


IP Address: | Scheduling... 


Help 








I Override 


Maximum send message size: 0 4 MBytes 





Delay message size: 0 4 MBytes 





External Link Info... 








2 Click the pencil icon to provide the IP address of the server where the Monitor Agent runs. 
3 Specify a unique port number for the MTA to use to communicate with the Monitor Agent. 
4 Click OK twice to finish modifying the link. 


5 Exit the Link Configuration Tool to save the new link configuration information. 
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6 Continue with Setting Up an External Post Office and External User for Monitor. 


61.5.3 Setting Up an External Post Office and External User for 
Monitor 


The setup for gateway accounting requires an external post office and an external user in the 
external domain. 


1 Create an external GroupWise post office. 
1a Right-click the External Domain object, then click New External Post Office. 


Create External GroupWise Post Office 


Post office name: 





Time Zone: SRE 


(GMT-07:00) Mountain Time (US & Canada) El Help 














! Create another post office 





1b Name the external post office to reflect its role, such as ExternalMonitorPO. 
1c Click OK. 

2 Create an external user. 
2a Right-click the External Post Office object, then click New > External User. 


= Create GroupWise External User 


User Name: 





Cancel 


T Create another external user 


Help 








2b Name the external user to reflect its role, such as External MonitorUser. 
2c Click OK. 


2d Continue with Receiving the Accounting Files 


61.5.4 Receiving the Accounting Files 


1 Make sure that you are set up to receive gateway accounting files. 


For example, if you want to set up a gateway accounting report for activity to and from the 
Internet through the Internet Agent, you would add yourself as an Accountant on the Gateway 
Administrators page of the Internet Agent object, as described in Section 47.3, “Tracking 
Internet Traffic with Accounting Data,” on page 764. The Exchange Gateway and the Notes 
Gateway have comparable property pages. 

2 Inthe GroupWise client, create a rule to forward all gateway accounting messages (that is, 
those messages with an attached acct file) to the Monitor user in the external gateway 
accounting post office. 

3 In order to establish the link, restart the Monitor Agent and the MTA selected in Section 61.5.2, 
“Selecting an MTA to Communicate with the Monitor Agent,” on page 1016. 


4 To see that the logs are being received by the Monitor Agent: 
4a At the Monitor Agent Web console, click Log > Gateway Accounting Logs. 
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4b Select the Internet Agent or gateway, then click View Accounting Logs. 


If logs are listed, then data is successfully arriving to the Monitor Agent. The Monitor 
Agent uses this data to generate gateway accounting reports. 


The accounting log files on stored on the server where the Monitor Agent is running. The 
default location varies by platform. 


Linux: /var/log/novell/groupwise/gwmon/acct 


Windows: c:\gwmon\acct 


61.5.5 Viewing the Gateway Accounting Report 


After gateway accounting files are being successfully sent to the Monitor Agent for processing, you 
can view the Gateway Accounting report in your Web browser. The Gateway Accounting report 
organizes information gathered in gateway accounting files into a format that is visually easy to 
read. 


1 Atthe Monitor Agent Web console, click Reports > Gateway Accounting. 


NOTE: The Gateway Accounting report cannot be generated at the Windows Monitor Agent 
server console. 





2 Select the Internet Agent (GWIA) or gateway for which you want to view accounting reports, 
then click View Accounting Reports. 


You can view the report by domains or by users. You can sort the report on any column. 


61.6 Assigning Responsibility for Specific 
Agents 


If multiple GroupWise administrators manage the agents throughout your GroupWise system, you 
can assign a contact for each agent. Or, in a help desk environment, a person can be assigned to an 
agent when a problem occurs. The person assigned to the agent can record notes about the 
functioning of the agent, which are then available to other administrators. 


At the Windows Monitor Agent server console: 
1 Right-click an agent in the agent status window, then click Agent Details. 
or 


On Linux, at the Monitor Agent Web console, click the agent status link. 
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Name Development.Provol OK 
a a 
Address — jbd-nw.provo.novel.com Cancel 
Port 1677 

State Normal MIB Values 
Poll Type XML Help 
Thresholds 

Suggestions 


Assigned to [ 


Notes a 





2 Inthe Assign To field, type the name of the Group Wise administrator who is responsible for this 
agent. 


The name is displayed to the right of the agent status in the status window of the Monitor Agent 
console and the Monitor Web console. 


3 Inthe Notes box, type any comments you might have about the agent. 


If a problem with the agent occurs, the Thresholds box and the Suggestions box displays 
helpful information about the problem if you have set up customized thresholds, as described in 
Section 59.5.2, “Customizing Notification Thresholds,” on page 981. 


4 Click OK to save the information about who is assigned to the agent. 


61.7 Searching for Agents 


If you monitor a large number of agents, the list displayed in the Monitor Web console can become 
very long. You can easily search for an individual agent or for a group of related agents. 


At the Monitor Web console: 


1 Click the Search icon. 





GroupWise» Monitor 

S h zy ally 5 
earc OE Fal Pa Eg A 
~ Corporate Mail [2] 


> NetWare Agents [2] 


> Windows Agents [2] Agent names fo 















































Create Agent View: © Problem Agents © Monitored Agents C All Agents 
Rename 

Move Agent Type: ["mT& M poa D Gwia FT wegacc M PAGER 
Delete async [api [FAX F Tas I GATEWAY 
Refresh F x400 M x25 I EXCHANGE I other 
Help 
(el Sort By: Name x 
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NOTE: The Search feature is not available in the Windows Monitor Agent server console or 
the Monitor Agent Web console. 





2 Type the name of an agent. 
or 
Select Problems to list all agents whose status is other than Normal. 
or 
Select one or more types of agent to list. 
3 Select the number of instances you want listed at one time. 
4 Click Search. 


The results display on the Search page with the same functionality as is available on the regular 
Monitor Web console pages. 
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Comparing the Monitor Consoles 


Many aspects of agent monitoring are available in one or more of the Monitor Agent consoles. The 
table below summarizes agent monitoring features and where they are available. 


Task 

Selecting Agents to Monitor 

Creating and Managing Agent Groups 
Viewing All Agents 


Viewing Problem Agents 

Viewing an Agent Server Console 

Viewing an Agent Web Console 

Searching for Agents 

Assigning Responsibility for Specific Agents 
Configuring the Monitor Agent for HTTP 
Configuring the Monitor Agent for SNMP 
Configuring Polling of Monitored Agents 


Configuring E-Mail Notification for Agent 
Problems 


Configuring Audible Notification for Agent 
Problems 


Configuring SNMP Trap Notification for 
Agent Problems 


Configuring Authentication and Intruder 
Lockout for the Monitor Web Console 


Configuring Monitor Agent Log Settings 
Monitoring Messenger Agents 
Generating Reports 

Link Trace Report 

Link Configuration Report 

Image Map Report 

Environment Report 


User Traffic Report 


Windows Monitor 
Agent Server 
Console 


Yes 
Yes 


Yes 


Yes 
Yes 
Yes 
No 

Yes 
Yes 
Yes 
Yes 


Yes 


Yes 


Yes 


Yes 


Yes 
Yes 
Yes 
Yes 
Yes 
No 

Yes 


Yes 


Monitor Agent Web Monitor Web 

Console Console 

Yes No 

Yes Yes 

Yes Yes if not in 
groups 

Yes Yes 

No No 

Yes Yes 

No Yes 

Yes Yes 

Yes Yes 

Yes Yes 

Yes Yes 

Yes Yes 

No No 

Yes Yes 


Authentication: Yes No 
Intruder Lockout: No 


Yes 
Yes 
Yes 
Yes 
Yes 
Yes 
Yes 


Yes 


Yes 
Yes 
Yes 
Yes 
Yes 
No 
No 
No 
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Link Traffic Report 

Message Tracking Report 
Performance Tracking Report 
Connected User Report 
Gateway Accounting Report 
Trends Report 


Down Time Report 
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Yes 
Yes 
Yes 
No 
No 
No 
No 


Yes 
Yes 
Yes 
Yes 
Yes 
Yes 


Yes 


No 
No 
No 
No 
No 
No 
No 


Using Monitor Agent Switches 


GroupWise” Monitor Agent startup switches must be used on the command line when you start the 
Monitor Agent, or in a script or batch file created to start the Monitor Agent. The Monitor Agent 
does not have a startup file for switches. 


Linux: If you start the Monitor Agent by running the gwmon executable, you can create a script 
like the following: 


/opt/novell/groupwise/agents/bin/gwmon --home /domain directory -- 
other switches & 


If you start the Monitor Agent by running the grpwise-ma script, you can edit the 
MA. OPTIONS variable to include any switches you want to set. 


Windows: 


You can create a batch file like the following: 


c:\gwmon\gwmon.exe /startup Switch /startup switch ... 


You can create a desktop icon for your batch file, or you can add startup switches to the 
Monitor Agent desktop icon that is created when you install the Monitor Agent. 


The table below summarizes Monitor Agent startup switches for all platforms and how they 
correspond to configuration settings in the Windows Monitor Agent Server Console. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


Linux Monitor Agent 
--hapassword 
--hapoll 

--hauser 

--help 

--home 
--httpagentpassword 
--httpagentuser 
--httpcertfile 
--httpmonpassword 
--httpmonuser 
--httpport 

--httpssl 

--ipa 

--ipp 


--lang 


Windows Monitor Agent 


/hapassword 
/hapoll 

lhauser 

/help 

/home 
/httpagentpassword 
/nttpagentuser 
/httpcertfile 
/httpmonpassword 
/httpmonuser 
/httpport 

/nttpssl 

lipa 

lipp 

lang 


Windows Monitor Agent Server Console 
N/A 

N/A 

N/A 

N/A 

N/A 

Configuration > Poll Settings > HTTP Password 
Configuration > Poll Settings HTTP User 
N/A 

Configuration > HTTP > HTTP Password 
Configuration > HTTP > HTTP User 
Configuration > HTTP > HTTP Port 

N/A 

N/A 

N/A 

N/A 
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Linux Monitor Agent 
--log 
--monwork 


--nmaddress 


--nmhome 


--nmpassword 


--nmuser 


--nosnmp 
--pollthreads 
--proxy 


--tcpwaitconnect 


Windows Monitor Agent 
log 
/monwork 


/nmaddress 


/nmhome 


/nmpassword 


/nmuser 


/nosnmp 
/pollthreads 
/proxy 


/tcpwaitconnect 


Windows Monitor Agent Server Console 
Log > Log Settings > Log File Path 
N/A 


Configuration > Add Novell Messenger System 
> Replica Address 


Configuration > Add Novell Messenger System 
> Novell Messenger System Object 


Configuration > Add Novell Messenger System 
> Password 


Configuration > Add Novell Messenger System 
> User Name 


N/A 
N/A 
N/A 
N/A 





NOTE: The Monitor Agent Web console does not include any settings comparable to the Monitor 
Agent startup switches. 





63.1 /hapassword 


Specifies the password for the Linux username that the Monitor Agent uses to log in to the Linux 
server where the GroupWise High Availability service is running. See Section 59.12, “Supporting 
the GroupWise High Availability Service on Linux,” on page 989. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --hapassword password /napassword-password 


Example: --hapassword high /hapassword-high 


See also /hauser and /hapoll. 


63.2 /hapoll 


Specifies in seconds the poll cycle on which the Monitor Agent contacts the Group Wise High 
Availability service to provide agent status information. The default is 120. The actual duration of 
the poll cycle can vary from the specified number of seconds because the actual duration includes 
the time during which the Monitor Agent is checking agent status and restarting agents as needed. 
Then the specified poll cycle begins again and continues for the specified number of seconds. See 
Section 59.12, “Supporting the GroupWise High Availability Service on Linux,” on page 989. 
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Linux Monitor Agent Windows Monitor Agent 


Syntax: --hapoll seconds /hapoll-seconds 


Example: --hapoll 240 /hapoll-60 


See also /hauser and /hapassword. 


63.3 /hauser 


Specifies the Linux username that the Monitor Agent can use to log in to the Linux server where the 
Group Wise High Availability service is running. See Section 59.12, “Supporting the Group Wise 
High Availability Service on Linux,” on page 989. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --hauser username /hauser-username 
Example: --hauser GWHA /hauser-GWHA 


See also /hapassword and /hapoll. 


63.4 /help 


Displays the Monitor Agent startup switch Help information. When this switch is used, the Monitor 
Agent does not start. 
Linux Monitor Agent Windows Monitor Agent 


Syntax: --help /help 


63.5 /home 


Specifies a domain directory, where the Monitor Agent can access a domain database 
(wpdomain.db). From the domain database, the Monitor Agent can determine which agents to 
monitor, what usernames and passwords are necessary to access them, and so on. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --home /directory /home-[svA][vol:]\dir 
/home-\\svAvoñdir 
/home-[drive:]\dir 
/nome-\\svAsharename\dir 
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Linux Monitor Agent Windows Monitor Agent 


Example: --home /gwsystem/provo2 /home-\provo2 
/home-mail:\provo2 
/nome-server2\mail:\provo2 
/nome-\\server2\mail\provo2 
/nome-\provo2 
/home-m:\provo2 
/nome-\\server2\c\mail\provo 


See also /ipa and /ipp. 


63.6 /httpagentpassword 


Specifies the password for the Monitor Agent to prompt for when contacting monitored agents for 
status information. Providing a password is optional. See Section 59.3.1, “Configuring the Monitor 
Agent for HTTP,” on page 975. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpagentpassword unique password — /httpagentpassword-unigue. password 
Example: --httpagentpassword Watchlt /httpagentpassword-Watchlt 


See also /httpagentuser. 


63.7 /httpagentuser 


Specifies the username for the Monitor Agent to use when contacting monitored agents for status 
information. Providing a username is optional. See Section 59.3.1, “Configuring the Monitor Agent 
for HTTP,” on page 975. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpagentuser unique_username /nttpagentuser-unique_username 
Example: --httpagentuser AgentWatcher /nttpagentuser-AgentWatcher 


See also /httpagentpassword. 


63.8 /httpcertfile 


Specifies the full path to the public certificate file used to provide secure SSL communication 
between the Monitor Agent and the Monitor Web console displayed in your Web browser. See 
Section 59.8, “Configuring Authentication and Intruder Lockout for the Monitor Web Console,” on 
page 985. 
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Linux Monitor Agent Windows Monitor Agent 


Syntax: --httpcertfile /dir/file /nttpcertfile-[drive:]\din\file 
/httpcertfile-\\svAsharename\dinfile 


Example: _ --httpcertfile /certs/gw.crt /nttpcertfile-\ssl\gw.crt 
/nttpcertfile-m:\ssl\gw.crt 
/nttpcertfile-\\server2\c\ssl\gw.crt 


See also /httpssl. 


63.9 /httpmonpassword 


Specifies the password for the Monitor Web console to prompt for before allowing a user to display 
the Monitor Web console. Do not use an existing Novell® eDirectory™ password because the 
information passes over the non-secure connection between your Web browser and the Monitor 
Agent. See Section 59.8, “Configuring Authentication and Intruder Lockout for the Monitor Web 
Console,” on page 985. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpmonpassword unique_password Ihttpmonpassword-unigue. password 
Example: --httpmonpassword Watchit /nttpmonpassword-Watchlt 


See also /httpmonuser. 


63.10 /httpmonuser 


Specifies the username for the Monitor Web console to prompt for before allowing a user to display 
the Monitor Web console. Providing a username is optional. Do not use an existing eDirectory 
username because the information passes over the non-secure connection between your Web 
browser and the Monitor Agent. See Section 59.8, “Configuring Authentication and Intruder 
Lockout for the Monitor Web Console,” on page 985. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpmonuser unique_username /nttpmonuser-unique_username 
Example: --httpmonuser MonAdmin /httpmonuser-MonAdmin 


See also /httpmonpassword. 
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63.11 /httpport 


Sets the HTTP port number used for the Monitor Agent to communicate with your Web browser. 
The default is 8200; the setting must be unique. See Section 59.3.1, “Configuring the Monitor Agent 
for HTTP,” on page 975. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpport port_number Ihttpport-port number 
Example: --httpport 8201 /httpport-9200 


63.12 /httpssl 


Enables secure SSL communication between the Monitor Agent and the Monitor Web console 
displayed in your Web browser. See Section 59.8, “Configuring Authentication and Intruder 
Lockout for the Monitor Web Console,” on page 985. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --httpssl /httpssl 
See also /httpcertfile. 


63.13 /ipa 


Specifies the network address (IP address or DNS hostname) of a server where an MTA is running. 
The Monitor Agent can communicate with the MTA to obtain information about agents to monitor. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --ipa network_address /ipa-network_address 
Example: --ipa 172.16.5.19 lipa-172.16.5.20 

--ipa server2 /ipa-server3 
See also /ipp. 


63.14 /ipp 


Specifies the TCP port number associated with the network address of an MTA with which the 
Monitor Agent can communicate to obtain information about agents to monitor. Typically, the MTA 
listens for service requests on port 7100. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --ipp port_number /ipp-port_number 
Example: — --ipp 7110 lipp-7111 
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See also /ipa. 


63.15 /lang 


Specifies the language to run the Monitor Agent in, using a two-letter language code as listed below. 
You must install the Monitor Agent in the selected language in order for the Monitor Agent to 
display in the selected language. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --lang code llang-code 
Example: --lang de Nang-fr 


The table below lists the valid language codes. Contact your local Novell sales office for 
information about language availability. 


Table 63-1 Language Codes 


Language alas Language oe 
Arabic AR Hungarian MA 
Czechoslovakian CS Italian IT 
Chinese-Simplified CS Japanese NI 
Chinese-Traditional CT Korean KR 
Danish DK Norwegian NO 
Dutch NL Polish PL 
English-United States US Portuguese-Brazil BR 
Finnish SU Russian RU 
French-France FR Spanish ES 
German-Germany DE Swedish SV 
Hebrew HE 


63.16 /log 


Specifies the full path of the directory where the Monitor Agent writes its log files. On Linux, the 
default directory is /var/log/novell/groupwise/gwmon. On Windows, the default is the 
Group Wise Monitor installation directory (typically c : \gwmon). See Section 59.9, “Configuring 
Monitor Agent Log Settings,” on page 986. 
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Linux Monitor Agent 


Syntax: --log /dir/file 


Example: — --log /opt/novell/groupwise/agents/logs 


63.17 /monwork 


Windows Monitor Agent 


log-[drive:]\dinfile 
/log-\\svñsharename\dinfile 
/log-\gw\logs 
/log-m:\gw\logs 
/log-\\server2\c\gw\logs 


Specifies the location where the Monitor Agent creates it working directory. The default location 


varies by platform. 


Linux: /tmp/gwmon 


Windows: c:\gwmon 


Linux Monitor Agent 


Syntax: --monwork /directory 


Example: --monwork /tmp 


63.18 /nmaddress 


Windows Monitor Agent 


/monwork-[svA][vol:]\dir 
/monwork-\\svAvoldir 
/monwork-[drive:]\dir 
/monwork-\\svAsharename\dir 


/monwork-\temp 
/monwork-mail:\temp 
/monwork-server2\mail:temp 
/monwork-\\server2\mail\temp 
/monwork-\temp 
/monwork-m:\temp 
/monwork-\\server2\c\mail\temp 


Specifies the IP address where an eDirectory replica is available, from which the Monitor Agent can 
obtain the information it needs to monitor Messenger Agents. See Section 59.11, “Monitoring 


Messenger Agents,” on page 988. 


Linux Monitor Agent 


Syntax: --nmaddress IP. address 


Example: --nmaddress 172.16.5.18 


See also /nmuser, /nmpassword, and /nmhome. 
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Windows Monitor Agent 


/nmaddress-/P_address 


/nmaddress-172.16.5.19 


63.19 /nmhome 


Specifies the context of the eDirectory container object where a Novell Messenger system is located. 
See Section 59.11, “Monitoring Messenger Agents,” on page 988. 


Linux Monitor Agent Windows Monitor Agent 

Syntax: = --nmhome eDirectory_context /nmhome-eDirectory_context 

Example: --nmhome /nmhome- 
OU=MessengerService,O=Messenger OU=MessengerService, OU=Provo,O=Novell 


See also /nmuser, /nmpassword, and /nmaddress. 


63.20 /nmpassword 


Specifies the password for the eDirectory user that the Monitor Agent uses to log into eDirectory to 
obtain Messenger information. See Section 59.11, “Monitoring Messenger Agents,” on page 988 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --nmpassword password /nmpassword-password 
Example: --nmpassword december /nmpassword-sailboat 


See also /nmuser, /nmhome, and /nmaddress. 


63.21 /nmuser 


Specifies a user that the Monitor Agent can use to log in to eDirectory to obtain information about 
the Messenger system from the various Messenger objects. See Section 59.11, “Monitoring 
Messenger Agents,” on page 988 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --nmuser eDirectory_context /nmuser-eDirectory_context 
Example: --nmuser CN=Admin,OU=Users,O=Novell /nmuser-CN=Admin,OU=Provo,O=Novell 


See also /nmpassword, /nmhome, and /nmaddress. 


63.22 /nosnmp 


Disables SNMP for the Monitor Agent. The default is to have SNMP enabled. See Section 59.3.2, 
“Configuring the Monitor Agent for SNMP,” on page 977. 
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Linux Monitor Agent Windows Monitor Agent 


Syntax: --nosnmp /nosnmp 


63.23 /pollthreads 


Specifies the number of threads that the Monitor Agent uses for polling the agents for status 
information. Valid values range from 1 to 32. The default is 20. See Section 59.4, “Configuring 
Polling of Monitored Agents,” on page 978. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --pollthreads number /pollthreads-number 
Example: --pollthreads 10 /pollthreads-32 


63.24 /proxy 


Routes all communication through the Monitor Agent and the Monitor Application (on the Web 
server). As long as the Web server can be accessed through the firewall, the Monitor Web console 
can receive information about all Group Wise agents that the Monitor Agent knows about. Without / 
proxy, the Monitor Web console cannot communicate with the Group Wise agents through a firewall. 
See Section 59.10, “Configuring Proxy Service Support for the Monitor Web Console,” on 

page 987. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --proxy proxy 


63.25 /tcpwaitconnect 


Sets the maximum number of seconds the Monitor Agent waits for a connection to a monitored 
agent. The default is 5. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --tcpwaitconnect seconds /tcpwaitconnect-seconds 
Example: --tcpwaitconnect 10 /tcpwaitconnect-15 
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Client 


+ Chapter 64, “Setting Up GroupWise Modes and Accounts,” on page 1035 

¢ Chapter 65, “Setting Defaults for the GroupWise Client Options,” on page 1045 

+ Chapter 66, “Distributing the GroupWise Client,” on page 1081 

+ Chapter 67, “Supporting the GroupWise Client in Multiple Languages,” on page 1103 

+ Chapter 68, “Tools for Analyzing and Correcting GroupWise Client Problems,” on page 1105 
+ Chapter 69, “Startup Switches for the GroupWise Client,” on page 1107 
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Setting Up GroupWise Modes and 
Accounts 


This section will familiarize you with GroupWise® modes and accounts, and help you set up users to 
use them. 


+ Section 64.1, “GroupWise Modes,” on page 1035 
+ Section 64.2, “Accounts,” on page 1042 


64.1 GroupWise Modes 


Group Wise provides three different ways to run the GroupWise client: Online mode, Caching mode, 
and Remote mode. 

+ Section 64.1.1, “Online Mode,” on page 1035 

+ Section 64.1.2, “Caching Mode,” on page 1035 

+ Section 64.1.3, “Remote Mode,” on page 1037 





NOTE: Remote mode is not available in the GroupWise Cross-Platform client. 





Most GroupWise features are available in all three GroupWise modes, with a few exceptions. 
Subscribing to other users’ notifications is not available in Caching mode. Subscribing to other 
users’ notifications and Proxy are not available in Remote mode. 


64.1.1 Online Mode 


When users use Online mode, they are connected to their post office on the network. The user’s 
mailbox displays the messages and information stored in the network mailbox (also called the 
Online Mailbox). Online mode is connected to the network mailbox continuously. In Online mode, 
if the Post Office Agent shuts down or users lose network connection, they temporarily lose the 
connection to their mailboxes. 


Users should use this mode if they do not have a lot of network traffic, or if they use several different 
workstations and do not want to download a local mailbox to each one. 


64.1.2 Caching Mode 


Caching mode stores a copy of a user’s network mailbox, including messages and other information, 
on the user’s local drive. This allows GroupWise to be used whether or not the network or Post 
Office Agent is available. Because the user is not connected to the network all the time, this mode 
cuts down on network traffic and has the best performance. A connection is made automatically to 
retrieve and send new messages. All updates are performed in the background so GroupWise work 
is not interrupted. 


Users should use this mode if they have enough disk space on the local drive to store mailbox. 


Several users can set up their Caching Mailboxes on a single shared computer. 
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If users run Caching Mode and Remote Mode on the same computer, the same local mailbox (also 
called the Caching Mailbox or Remote Mailbox) can be used to minimize disk space usage. 


If disk space is limited, users can restrict the items that are downloaded to the local mailbox. They 
can specify to get the subject line only or specify a size limit. 


If users back up their Caching Mailboxes, they can protect items that might be deleted if the system 
is set up to automatically clean up items (or if the system administrator runs an Expire and Reduce). 


To use Caching mode, the client installation must be a standard installation, not a workstation 
installation. 


Allowing or Forcing Use of Caching Mode 


The system administrator can allow or disallow the use of Caching mode, and can also force users to 
log in to GroupWise in Caching mode. 


If the system administrator forces Caching mode on Cross-Platform client users and then restricts 
Online mailbox size so that users have items in their Caching mailboxes that are no longer available 
online, the administrator needs to make sure users understand about doing backups. See “Backing 
Up Your Mailbox” in “Managing Your Mailbox” in the GroupWise 7 Cross-Platform Client User 
Guide. 


1 In ConsoleOne®, click Tools > GroupWise Utilities > Client Options. 
2 Click Environment > Client Access. 

3 Select or deselect Allow Use of Caching Mode. 

4 Select or deselect Force Use of Caching Mode. 


Specify the number of days before Caching mode will be enforced. This allows the user to 
continue using Online mode until the grace period has passed. The grace period begins the first 
time the user connects to the POA. The setting applies per user per workstation. 


The Force Caching Mode setting is not enforced on a workstation that does not have enough 
disk space for a Caching mailbox. The amount of disk space that is required is: the size of the 
mailbox + 20 MB + 25% of the mailbox size. 


The Force Caching Mode setting is also not enforced when a user connects from a shared 
Windows workstation or terminal server if you configure these workstations to be excluded. 
You do this by setting a registry key on the Windows workstation. The registry key is in 
HKEY LOCAL MACHINE. Under Software\\Novell\\GroupWise\\Client, add 
a dword value named No Local Store with a value of 1. This prevents the user from creating a 
Caching or Remote mailbox by using the GroupWise Windows client menus. However, the 
user can still create a Caching or Remote mailbox by using the startup switches /pc, /pr, or /ps. 


Downloading the System Address Book 


When users prime their Caching mailboxes, they receive a copy of the system address book. After 
the initial priming of the Caching mailbox, users can re-download the system address book and their 
personal address books in Caching mode by clicking View > Retrieve System Address Book or View 
> Retrieve Personal Address Book while in the Address Book. Address books also be re- 
downloaded in Caching mode when users click Tools > Retrieve Entire Mailbox. 
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Users can also specify to download the system address book (and any rules they have created) on a 
regular basis. 

1 In Remote or Caching mode, click Accounts > Account Options. 

2 Right-click the GroupWise account, then click Properties > Advanced. 

3 Select Refresh Address Books and Rules Every __ Days. By default this is set to 7 days, but it 


can be changed. 


If you configure the POA to generate the system address book regularly, Caching mode users always 
have a current copy to download. 


1 In ConsoleOne, right-click the POA object, then click Properties > GroupWise > Maintenance. 


On the Maintenance page, make sure that Generate Address Book for Remote is selected. You can 
choose the time when you want the generation to take place. 


If you want to generate the system address book for download more than once a day, you can delete 
the existing worof50.db file from the \wpcsout\ofs subdirectory of each post office. A new 
downloadable system address book is generated automatically for users on each post office. 


64.1.3 Remote Mode 


Remote mode is familiar to GroupWise users who use Hit the Road. Similar to Caching mode, a 
copy of the Online mailbox, or the portion of the mailbox that users specify, is stored on the local 
drive. Users can periodically retrieve and send messages with the type of connection they specify 
(modem, network, or TCP/IP). Users can restrict what is retrieved, such as only new messages or 
only message subject lines. 


NOTE: Remote mode is not available in the GroupWise Cross-Platform client. 





To use Remote mode, the Windows client installation must be a standard (full) installation, not a 
workstation installation. 


As an administrator, you can allow or disallow the use of Remote mode for client users. 
1 In ConsoleOne, click Tools > GroupWise Utilities > Client Options. 


2 Click Environment > Client Access. 
3 Select or deselect Allow Use of Remote Mode. 
The following topics explain the capabilities users have when they are allowed to use Remote mode. 
+ “Remote Password” on page 1038 
+ “Async Gateway and X.25 Gateway” on page 1038 
+ “Remote Performance” on page 1038 
+ “Hit the Road” on page 1038 
+ “Remote Properties” on page 1039 


+ “Remote Mode Connections” on page 1039 
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Remote Password 


To use Remote mode, users must have a password set in Online mode. When they run in Remote 
mode for the first time, they can specify to use the same password in Remote mode or choose a new 
one. 


Async Gateway and X.25 Gateway 


For Group Wise to use a modem connection, the GroupWise Async Gateway or X.25 Gateway must 
be installed and configured in your GroupWise system. The gateway provides the means by which 
the client communicates with the GroupWise system. 


Remote Performance 


The system administrator can configure the MTA so that it re-directs Remote mode requests to other 
MTAs and POAs. The GroupWise client can establish a client/server connection to an MTA across 
the Internet. For more information, see Section 41.2.2, “Enabling Live Remote,” on page 629. 


Hit the Road 


Users can use Hit the Road on the Tools menu (or switch from Online mode to Remote mode) to 
create, set up, or update the Remote mailbox. A copy of the mailbox is created on the user’s local 
drive and any current connections are detected and set up. If users have already used Caching mode, 
the local mailbox has already been created. Users can also use Hit the Road to create setup files on a 
diskette to set up their Remote mailbox on a computer that’s not connected to the network. Several 
users can set up their Remote mailboxes on a single shared computer. 


Hit the Road creates a network connection for the method (direct connection or TCP/IP) GroupWise 
uses to access the user’s post office. GroupWise can then use this connection, when running in 
Remote mode, to connect to the GroupWise system. For example, a network connection lets users of 
docked laptops run GroupWise in Remote mode and connect to the GroupWise system through the 
network connection rather than a modem connection. 


Hit the Road also creates modem connections for Remote Profiles in the Async Gateway or X.25 
Gateway. Remote Profiles let GroupWise connect to the GroupWise system. 


To use Hit the Road: 

1 Inthe GroupWise client, click Tools > Hit the Road. 

2 Follow the prompts to create the Remote mailbox on the computer or on a diskette. 
Installing the Remote Mailbox from Diskette 


If Hit the Road created the user’s Remote mailbox on diskette, the user needs to install the Remote 
mailbox on the computer that will be running in Remote mode. 

1 Insert the diskette containing the Remote mailbox into the computer’s disk drive. 

2 From the Windows Taskbar, click Start > Run. 

3 Type a: \setup, then click OK. 


Follow the prompts. The setup program creates a Remote mailbox and copies the required files 
to the computer’s hard drive. 
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Remote Properties 


Users can change the way Remote mode is set up, including the connection, time zone, signature, 
and so forth, in Account Options on the Accounts menu. Remote is listed as an account. 


By default, if an item is deleted from the Remote mailbox, the item is deleted from the Online 
mailbox the next time a connection is made. Deletion options in Remote Properties can be changed 
so that an item deleted from the Remote mailbox stays in the Online mailbox or vice versa. 


Remote Mode Connections 


+ “Setting Up a Modem Connection” on page 1039 
+ “Setting Up a Network Connection” on page 1040 
+ “Setting Up a TCP/IP Connection” on page 1041 


Setting Up a Modem Connection 


If you are going to connect with a modem, you must create at least one modem connection. A 
modem connection provides Group Wise with the information it needs to connect to the Group Wise 
system through the GroupWise Async Gateway or GroupWise X.25 Gateway. 


To set up a modem connection: 


In the client, log in or change to Remote mode. 

Click Accounts > Send/Retrieve > GroupWise Options. 
Click Configure > Connect To > New. 

Make sure Modem is selected, then click OK. 


Type a descriptive name for the modem connection in the Connection Name box. 


ao af WO ND = 


Click the country code, then type the area code and phone number for the gateway to the master 
Group Wise system. 


You can use a comma (,) to signal a one-second pause in dialing such as 9, (800) 555-5555. The 
9 accesses an outside line and the comma causes a one-second pause to wait for the dial tone 
before dialing the number. If you enter dashes, spaces, and parentheses, they are ignored. 


7 Type the login ID for the gateway. 
8 Click Password, type the gateway password, then click OK. 
9 Retype the password, then click OK. 

10 Click the Advanced tab. 


11 If your modem requires a script, specify the path to the script in the Modem Script box, click 
Edit Script, then specify the necessary When Given and Respond With commands. 


To save the script without changing its filename, click Save > Close. 
or 
To save the script with a new filename, click Save As, type a name, then click Close. 


12 Click a disconnect method. 
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Method Description 


When All Updates Are Received Disconnects after requests are sent and after all responses to 
the requests are received (or disconnects automatically when 
the time allowed by the gateway has expired). 


Do Not Wait for Responses Disconnects immediately after requests are sent and pending 
responses are received. Pending responses are responses to 
other requests that are waiting to be downloaded to you. 


Manually Lets you manually control when to disconnect (or disconnects 
automatically when the time allowed by the gateway has 
expired). 


13 Click Attempts, then specify the number of times to redial if the line is busy. 

14 Click Retry Interval, then specify the time interval between each redial attempt. 
15 Click OK. 

16 Select the connection you want, then click Select. 


17 Select the location you are connecting from in the Connecting From box. If none are listed, use 
the Default Location option. 


If you need to create a new location, click the Connect From button. This is useful for laptop 
users who are calling into the GroupWise system from different geographic locations. 


18 Select the modem to use for dialing up the gateway in the Connect Using box. If you have not 
yet defined your modem, click Modem to add a modem to your system. 


19 Click OK, then click Close. 


Setting Up a Network Connection 


While running in Remote mode, GroupWise can connect to the user’s Online mailbox using a 
network connection. A network connection is useful for laptop users connecting to the network 
through a docking station, or for remote users connecting through a modem using remote node 
software. 


To create a network connection: 

In the client, log in or change to Remote mode. 

Click Accounts > Send/Retrieve > GroupWise Options. 
Click Network > OK. 


Type a descriptive name for the network connection in the Connection Name box. 


a BR O N = 


Type the path to any post office directory in the master GroupWise system. 


Users can connect to their own post offices or to any post office in the master GroupWise 
system to access their Online mailboxes. 


6 Click a disconnect method. 
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Method Description 


When All Updates Are Received Disconnects after requests are sent and after all responses to 
the requests are received (or disconnects automatically when 
the time allowed by the gateway has expired). 


Do Not Wait for Responses Disconnects immediately after requests are sent and pending 
responses are received. Pending responses are responses to 
other requests that are waiting to be downloaded to you. 


Manually Lets you manually control when to disconnect (or disconnects 
automatically when the time allowed by the gateway has 
expired). 

7 Click OK. 


8 Select the connection you want, then click Select. 


9 Select the location you are connecting from in the Connecting From box. If none are listed, use 
the Default Location option. 


If you need to create a new location, click the Connect From button. This is useful for laptop 
users who are calling into the GroupWise system from different geographic locations. 


10 Click OK, then click Close. 


Setting Up a TCP/IP Connection 


A TCP/IP connection enables GroupWise, while running in Remote mode, to connect to the 
GroupWise system through a network connection using TCP/IP rather than a modem connection. A 
TCP/IP connection can be made through a network connection, such as a laptop connecting to the 
network through its docking station, or through a modem using remote node software. 


To create a TCP/IP connection: 


In the client, log in or change to Remote mode. 

Click Accounts > Account Options, then double-click the Remote account. 
Click Connection > Connect To > New > TCP/IP > OK. 

Type a descriptive name for the TCP/IP connection. 

Type the IP address or the DNS name. 

Type the IP port for this address. 


NO a BB © N = 


Click a disconnect method. 


Method Description 


When All Updates Are Received Disconnects after requests are sent and after all responses 
to the requests are received (or disconnects automatically 
when the time allowed by the gateway has expired). 


Do Not Wait for Responses Disconnects immediately after requests are sent and 
pending responses are received. Pending responses are 
responses to other requests that are waiting to be 
downloaded to you. 
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Method Description 


Manually Lets you manually control when to disconnect (or 
disconnects automatically when the time allowed by the 
gateway has expired). 


8 Click OK. 
9 Select the connection you want, then click Select. 


10 Select the location you are connecting from in the Connecting From box. If none are listed, use 
the Default Location option. 
If you need to create a new location, click the Connect From button. This is useful for laptop 
users who are calling into the GroupWise system from different geographic locations. 


11 Click OK, then click Close. 


64.2 Accounts 


+ Section 64.2.1, “Accounts Menu,” on page 1042 


+ Section 64.2.2, “Enabling POP3, IMAP4, and NNTP Account Access in Online Mode,” on 
page 1042 


64.2.1 Accounts Menu 


In addition to the Remote account, users can access and configure POP3 and IMAP4 Internet e-mail 
accounts and NNTP News accounts from the Accounts menu. While the user is in Remote and 
Caching mode, POP3, IMAP4, and NNTP accounts are accessed without needing to connect to the 
GroupWise system. If the system administrator enables it, users can also access and configure their 
POP3, IMAP4, and NNTP accounts from the Accounts menu while in Online mode. 





NOTE: The Accounts menu is not available in the GroupWise Cross-Platform client. 





64.2.2 Enabling POP3, IMAP4, and NNTP Account Access in 
Online Mode 


By default, POP3, IMAP4, and NNTP accounts can be added, configured, and accessed by users in 
Remote and Caching mode only. Account items and information are not accessible in Online mode, 
nor can items and information be uploaded to the Online mailbox until the system administrator 
enables it. 


To enable POP3, IMAP4, and NNTP account access for clients in Online mode for an entire post 
office: 


1 Make sure GroupWise 6.x agents have been installed. For more information, see Part X, 
“Message Transfer Agent,” on page 603. 


2 Make sure Internet Addressing is enabled. For more information, see Section 4.11, “Internet 
Addressing,” on page 69. 


3 In ConsoleOne, select the post office object. 
4 Click Tools > GroupWise Utilities > Client Options. 
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5 Click Environment > General. 

6 Select Allow Use of POP and IMAP Accounts in the Online Mailbox. 
7 Select Allow Use of News (NNTP) Accounts in the Online Mailbox. 
8 Click OK. 
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Setting Defaults for the 
GroupWise Client Options 


The GroupWise® client includes options (preferences) that can be set by individual users. As a 
Group Wise administrator, you can determine the default settings for the options. If you don’t want 
users to change the default settings you’ve established, you can lock the settings. 

¢ Section 65.1, “Client Options Summary,” on page 1045 

+ Section 65.2, “Setting Client Options,” on page 1049 

+ Section 65.3, “Resetting Client Options to Default Settings,” on page 1080 


65.1 Client Options Summary 


Default settings can be established at the user level, the post office level, or the domain level. User 
settings override post office settings, and post office settings override domain settings. However, 
locked settings override unlocked settings even if they are set at a higher level. 


1 In ConsoleOne®, select a Domain, Post Office, or User object, then click Tools > GroupWise 
Utilities > Client Options. 


GroupWise Client Options 


ts Close 


Environment Send Fer 





a & 


Security Date and Time 





The client options table in this section summarizes all client options and provides links to 
descriptions of the options. For more detailed instructions, see Section 65.2, “Setting Client 
Options,” on page 1049. 

+ Environment 

+ Send 

+ Security 


+ Date and Time 





NOTE: The Cross-Platform client does not recognize all of the client options that can be set in 
ConsoleOne. Client options that the Cross-Platform client does recognize are marked with an 
asterisk (*) in the table. 
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Table 65-1 Client Options 


Client Options Type Client Options Tab Client Options 


Environment General Refresh Interval 
Allow Shared Folder Creation 


Click Tools > 
E sas Allow Shared Address Book Creation 
GroupWise Utilities > . 
; . Check Spelling Before Send 
Client Options > 
; Show Messenger Presence 
Environment 


Allow Use of POP and IMAP Accounts in the Online Mailbox 
Allow Use of News (NNTP) Accounts in the Online Mailbox 


Client Access Client Licensing 
Full License Mailboxes 
Limited License Mailboxes 
Client Login Mode 
Allow Use of Remote Mode 
Allow Use of Caching Mode 
Force Caching Mode after __ Days 
Show Login Mode Drop-Down List on Client Toolbar 


Views View Options 

Read Next After Accept, Decline, or Delete 
Open New View after Send 

Allowable Read Views 
Plain Text 
HTML 

Allowable Compose Views 
Plain Text 
HTML 

Disable HTML View 


File Location Archive Directory 
Custom Views 


Cleanup Mail and Phone 

Manual Delete and Archive 
Auto-Delete After 
Auto-Archive After 

Appointment, Task, and Note 
Manual Delete and Archive 
Auto-Delete After 
Auto-Archive After 

Empty Trash 
Manual 
Automatic After 

Purges 
Allow Purge of Items Not Backed Up 

Prompt before Purging 

Perform Maintenance Purges on Caching/Remote 
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Client Options Type Client Options Tab Client Options 


Appearance Schemes 
GroupWise 6.5 Look 
GroupWise 7 Look 
Individual Settings 
Display Main Menu 
Display Nav Bar 
Display Main Toolbar 
Use GroupWise Color Schemes 


Sky Blue, Olive Green, Silver, Sky Blue, Spring Green, 
Sterling Silver 


Display Folder List 
Simple Folder List 

Full Folder List 

Long Folder List 
Display QuickViewer 
QuickViewer at Bottom 
QuickViewer at Right 


Retention Retention 


Junk Mail Junk Mail Handling 
Enable Junk Mail Using Junk Mail Lists 
Enable Junk Mail Using Personal Address Book 
Auto-Delete After 
Enable Blocked Mail Using Block Mail Lists 


Send Send Options Classification* 
Normal, Proprietary, Confidential, Secret, Top Secret, For 
Your Eyes Only 


Priority* 
Client Options > High, Standard, Low 
Send Reply Requested* 

When Convenient, Within __ Days 
Allow Use of Reply to All in Rules 
Allow Use of Internet Mail Tracking 
Expiration Date 
Delay Delivery 
Wildcard Addressing 
Notify Recipients 
Convert Attachments 
Allow Reply Rules to Loop 
Global Signatures 


Click Tools > 
GroupWise Utilities > 


Mail Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification 
When Opened/Deleted 
None, Mail Receipt, Notify, Notify and Mail 
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Client Options Type Client Options Tab 


Appointment 


Task 


Note 


Security 


Disk Space 
Management 


Global Signature 


Security Password 


Click Tools > 
GroupWise Utilities > 
Client Options > 
Security 
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Client Options 


Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification 
When Opened/Accepted/Deleted 
None, Mail Receipt, Notify, Notify and Mail 


Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification* 
When Opened/Accepted/Completed/Deleted 
None, Mail Receipt, Notify, Notify and Mail 


Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification 
When Opened/Deleted 
None, Mail Receipt, Notify, Notify and Mail 


Conceal Subject 
Require Password to Complete Routed Item 
Secure Items Options 

Do Not Allow Use of S/MIME* 

URL for Certificate Download 

Sign Digitally* 

Encrypt for Recipients 

Encryption Key Size 


User Limits 
Mailbox Size Limit 
Threshold for Warning Users 
Maximum Send Message Size 
Limits Apply to Cache 


Notify the Administrator When Threshold Limit Is 
Exceeded 


Notify the Administrator When Size Limit Is Exceeded 
Global Signature 


Enter New Password* 

Clear User Password* 

Allow Password Caching 

Allow eDirectory Authentication Instead of Password 
Enable Single Sign-On 

Use Collaboration Single Sign-On (CASA) 


Client Options Type 


Date and Time 


Click Tools > 
GroupWise Utilities > 
Client Options > 
Date and Time 


Client Options Tab Client Options 


Macros 


Notify 


Calendar 


Busy Search 


View Macro Security 
Always Play Received Macros 
Never Play Received Macros 
Always Prompt Before Playing a Macro 


Check for Mail Every 


Month Display Option 
First of Week 
Highlight Day 
Show Week Number 
Appointment Options 
Include Myself on New Appointments 
Display Appointment Length As Duration, End Date and 
Time 
Default Length 
Alarm Options 
Set Alarm When Accepted 
Default Alarm Time 
Work Schedule 
Start/End Time 
Work Days 


Appointment Length 
Range and Time to Search 
Days to Search 


65.2 Setting Client Options 


Default settings can be established at the user level, the post office level, or the domain level. User 
settings override post office settings, and post office settings override domain settings. However, if 
you set a lock on an option at a higher level, the higher level then overrides the lower level setting. 


To modify the default settings for the GroupWise client: 


1 In ConsoleOne, click a Domain object if you want to modify the settings for all users in the 


domain. 


or 


Click a Post Office object if you want to modify the settings for all users in the post office. 


or 


Click a User object or GroupWise External Entity object if you want to modify settings for the 
individual user. To change the same settings for multiple users, select multiple objects. 


2 With the appropriate GroupWise object selected, click Tools > GroupWise Utilities > Client 
Options to display the GroupWise Client Options dialog box. 
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GroupWise Client Options (EI) 


Close 

gy = 
a Hel 
Environment Send sed 


a © 


Security Date and Time 





3 To set the Environment options, click Environment > continue with Section 65.2.1, “Modifying 
Environment Options,” on page 1050. 


or 


To set the Send options, click Send > skip to Section 65.2.2, “Modifying Send Options,” on 
page 1062. 


or 


To set the Security options, click Security > skip to Section 65.2.3, “Modifying Security 
Options,” on page 1073. 


or 


To set the Date and Time options, click Date and Time > skip to Section 65.2.4, “Modifying 
Date and Time Options,” on page 1076. 


65.2.1 Modifying Environment Options 


1 Ifthe Environment Options dialog box is not displayed, follow the instructions in Section 65, 
“Setting Defaults for the GroupWise Client Options,” on page 1045 to display the dialog box. 


Environment Options: Development 

Cleanup | Appearance | Retention | Junk Mail 
i Client Access Views 

Refresh Interval 

Every: 1 Žhinutes 0 Seconds 

Allow shared folder creation 

Allow shared address book creation 

I” Check spelling before send 

IV Show Messenger presence 


(Note: Internet Addressing must be configured for the following options to work 
correctly) 


I Allow use of POP and IMAP accounts in the Online Mailbox 


D Allow use of news (NNTP) accounts in the Online Mailbox 


Restore Default Settings 


[+ | Cancel Help 





2 Click the tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Environment Options: General” on page 1051 
“Environment Options: Client Access” on page 1052 
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“Environment Options: Views” on page 1055 
“Environment Options: File Locations” on page 1056 
“Environment Options: Cleanup” on page 1057 
“Environment Options: Appearance” on page 1058 
“Environment Options: Retention” on page 1059 
“Environment Options: Junk Mail” on page 1060 





NOTE: The Environment options are not currently recognized by the Cross-Platform client. 





3 Ifyou want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, 
the post office level, or the user level. 


4 If you want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When finished, click OK to save your changes. 


Environment Options: General 


The General options determine such settings as the refresh interval for new messages, whether users 
can create shared folders and address books, and which types of accounts can be used while in 
Online mode. 


Figure 65-1 Environment Options Dialog Box with the General tab Open 
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Refresh Interval 


Determine how often the Group Wise client lists will be updated to reflect new message status. The 
default is 1 minute. 


Allow Shared Folder Creation 


Enables users to share folders with other users. By default, this option is enabled. 
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Allow Shared Address Book Creation 


Enables users to share address books with other users. By default, this option is enabled. 


Check Spelling Before Send 


Automatically spell checks the message text of each item before the item is sent. By default, this 
option is disabled. 


Show Messenger Presence 


Displays the Messenger presence information in the Group Wise Windows client. Messenger 
presence enables users to easily choose instant messaging as an alternative to e-mail. Messenger 
presence icons appear in the From field of a received message, in the Quick Info for users specified 
in the To, CC, and BC fields of a new message, and in the Quick Info for users in the Address Book. 
Messenger presence is enabled by default. 


The Address Book must be properly configured to support Messenger presence. See Section 6.3, 
“Supporting Messenger Presence Display in GroupWise,” on page 90. 


Allow Use of POP and IMAP Accounts in the Online Mailbox 


Select this option to enable users to access POP and IMAP accounts while using the GroupWise 
client in Online mode. 


By default, this option is disabled. If you enable this option, an Accounts menu is added to the 
Group Wise client, allowing users to add POP and IMAP accounts to GroupWise, set account 
properties, and send and retrieve items from their POP and IMAP accounts. In addition, users are 
allowed to upload POP and IMAP items from the Remote mailbox to the Online mailbox. 


Allow Use of News (NNTP) Accounts in the Online Mailbox: 


Select this option to enable users to set up newsgroup (NNTP) accounts while using the GroupWise 
client in Online mode. 


Environment Options: Client Access 


The Client Access options allow you to apply a license type (full or limited) to users’ mailboxes and 
enable or disable the Remote and Caching modes in the Group Wise client for Windows. 
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Figure 65-2 Environment Options Dialog Box with the Client Access Tab Open 
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Client Licensing 


GroupWise offers two types of mailbox licenses: full client mailbox licenses and limited client 
mailbox licenses. 


A full client mailbox license has no mailbox access restrictions; the mailbox can be accessed by any 
GroupWise client (Windows or WebAccess) as well as any third-party plug-in or POP/IMAP client. 


A limited client mailbox license restricts mailbox access to the following: 


+ The GroupWise WebAccess client (including wireless devices) 

+ A Group Wise client (Windows or WebAccess) via the Proxy feature 

+ A Group Wise client (Windows or WebAccess) via the Busy Search feature 
+ A POP or IMAP client 


A limited client license mailbox does not allow access through the Group Wise client for Windows 
(other than via Proxy or Busy Search). 


You can use this option to specify the type of client license that you want applied to users’ 
mailboxes. This enables you to support the type of Group Wise mailbox licenses you purchase. For 
example, if you only purchased limited client license mailboxes for users on a specific post office, 
you can mark all mailboxes on that post office as being limited client license mailboxes. 


For information about generating an audit report that shows the type of license applied to each 
mailbox in a post office, see Section 12.4, “Auditing Mailbox License Usage in the Post Office,” on 
page 191. 
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Client Login Mode 


Choose from the following settings to determine which login modes are available to GroupWise 
users when using the GroupWise client for Windows. These settings apply only if you selected Full 
License Mailboxes for the client licensing. 


+ Allow Use of Remote Mode: Select this option to enable users to log in with GroupWise in 
Remote mode. With Remote mode, the GroupWise client uses a Remote mailbox on the user’s 
local drive. The user must initiate a connection (modem, direct, or TCP/IP) to send or retrieve 
items from the GroupWise system. For more information about Remote mode, see 
Section 64.1.3, “Remote Mode,” on page 1037. By default, this option is enabled. 





NOTE: Remote Mode is not available in the Cross-Platform client. 





+ Allow Use of Caching Mode: Select this option to enable users to log in with GroupWise in 
Caching mode. With Caching mode, the GroupWise client uses a Caching mailbox on the 
user’s local drive (this can be the same mailbox as the Remote mailbox). The Group Wise client 
periodically initiates a connection with the GroupWise system to send and receive items. For 
more information about Caching mode, see Section 64.1.2, “Caching Mode,” on page 1035. By 
default, this option is enabled. 


Select the Force Caching Mode option (available only if the Allow Use of Caching Mode 
option is enabled) to force users to run in Caching mode. By default, this option is disabled. 
Specify the number of days before Caching mode is enforced. This allows the user to continue 
using Online mode until the grace period has passed. The grace period begins the first time the 
user connects to the POA. The setting applies per user per workstation. 


The Force Caching Mode setting is not enforced on a workstation that does not have enough 
disk space for a Caching mailbox. The amount of disk space that is required is: the size of the 
mailbox + 20 MB + 25% of the mailbox size. 


The Force Caching Mode setting is also not enforced when a user connects from a shared 
Windows workstation or terminal server if you configure these workstations to be excluded. 
You do this by setting a registry key on the Windows workstation. The registry key is in 
HKEY LOCAL MACHINE. Under Software\\Novell\\GroupWise\\Client, add 
a dword value named No Local Store with a value of 1. This prevents the user from creating a 
Caching or Remote mailbox by using the GroupWise Windows client menus. However, the 
user can still create a Caching or Remote mailbox by using the startup switches /pc, /pr, or /ps. 


+ By Default, Show Login Mode Drop-Down List on Client Toolbar: Select this option to 
have the Login Mode drop-down list displayed on the client’s toolbar. This enables users to 
change the mode themselves and is necessary only if you allow multiple modes to be used. By 
default, this option is enabled. 
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Environment Options: Views 


Figure 65-3 Environment Options Dialog Box with the Views Tab Open 
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The Views Environment options determine when items open, and whether or not users can read and 
compose messages in HTML. 


View Options 


Choose from the following settings to determine what occurs when the user performs an action that 
closes the current view. 


+ Read Next after Accept, Decline, or Delete: Select this option to have the next available 
received item automatically open after the user accepts, declines, or deletes an appointment, 
task, or note. By default, this option is enabled. 


+ Open New View after Send: Select this option to have a new send view open after a user 
sends a message. By default, this option is disabled. 


Allowable Read Views 
Choose from the following settings to determine what read views you allow the clients to use. 


+ Plain Text (Default): Select this option to allow users to read items in plain text. 


+ HTML: Select this option to allow users to read items in HTML. 


Click Set Default to select the default read views. 


Allowable Compose Views 
Choose from the following settings to determine what compose views you allow the clients to use. 


+ Plain Text (Default): Select this option to allow users to compose items in plain text. 


+ HTML: Select this option to allow users to compose items in HTML. 
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Click Set Default to select the default compose views. 


Disable HTML View 


Turns off the ability to view or compose messages in HTML View. 


Environment Options: File Locations 


The File Locations options determine the locations of users’ archive directories and the custom 
views directory. 


Figure 65-4 Environment Options Dialog Box with the File Locations Tab Open 
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Archive Directory 


Select the directory to be used for archiving items for both the Windows client and the Cross- 
Platform client. Each user must have his or her own archive directory, so this can be a local directory 
(for example, c: \novell\groupwise for the Windows client and \home\groupwise for 
the Cross-Platform client) or a personal user directory on a network server. If you select a local 
drive, make sure users have the directories created. If you select a network drive, make sure users 
have the necessary rights to access the directories. 





IMPORTANT: If you want to use a network location, do not specify the same directory for users in 
more than one post office. The names of users’ individual archive directories are based on their 
FIDs. FIDs are unique within a post office, bur users in different post offices can have the same FID. 





Custom Views 


This option applies only if you are using custom views. Select the directory where the views are 
located. The GroupWise product does not include the capability to design custom views, but third- 
party products make use of this feature to support their specialized capabilities. 
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Environment Options: Cleanup 


The Cleanup options determine the delete and archive settings for GroupWise items (mail messages, 
phone messages, appointments, tasks, and notes). 


Figure 65-5 Environment Options Dialog Box with the Cleanup Tab Open 


Environment Options: Development 
General Client Access | Views 
File Location Appearance | Retention | Junk Mail 
Mail and Phone 
© Manual Delete and Archive 
© Auto-Delete after: 
© Auto-Archive after: 


Appointment, Task, and Note 
© Manual Delete and Archive 
© Auto-Delete after: 


© Auto-Archive after: 


Empty Trash 


© Manual 





© Automatic after: 


IV Allow purge of items not backed up 
T Prompt user before purging 


I Perform maintenance purges on cachingiremote 


Restore Detault Settings 





C Penn s 





Mail and Phone 


Choose from the following settings to determine how mail and phone messages are deleted and 
archived: 


+ Manual Delete and Archive: Select this option to have mail and phone messages deleted or 
archived only when users manually do it. This is the default setting. 


+ Auto-Delete After: Select this option to have GroupWise automatically delete mail and phone 
messages that are older than the specified number of days. If you use this option, you should 
notify users so they know they must archive items they want to save. 


+ Auto-Archive After: Select this option to have GroupWise archive mail and phone messages 
that are older than the specified number of days. Users must have an archive directory specified 
in order for items to be archived. See “Environment Options: File Locations” on page 1056 for 
information about setting a default archive directory location. 


Appointment, Task, and Note 


Choose from the following settings to determine how appointments, tasks, and notes are deleted or 
archived: 


+ Manual Delete and Archive: Select this option to have appointments, tasks, and notes deleted 
or archived only when users manually do it. This is the default setting. 


+ Auto-Delete After: Select this option to have GroupWise automatically delete appointments, 
tasks, or notes that are older than the specified number of days. If you use this option, you 
should notify users so they know they must archive items they want to save. 
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+ Auto-Archive After: Select this option to have GroupWise automatically archive 
appointments, tasks, and notes older than the specified number of days. Users must have an 
archive directory specified in order for items to be archived. See “Environment Options: File 
Locations” on page 1056 for information about setting a default archive directory location. 


Empty Trash 


Deleted items are moved to the Trash folder. They can be retrieved from the Trash until it is emptied. 
Items in the Trash still take up disk space. Select from the following settings to determine how the 
Trash folder is emptied: 


+ Manual: Select this option to require the user to manually empty the Trash. This is the default 
setting. 


+ Automatic: Select this option to have GroupWise automatically empty items from the trash 
after they have been in it for the specified number of days. 


Purges 


+ Allow Purge of Items Not Backed Up: Select this option to enable items that have not been 
backed up to be removed from the Trash. This option is enabled by default. 


Select the Prompt Before Purging option (available only if Allow Purge of Items Not Backed 
Up is enabled) to prompt the user to confirm the purging of any files that have not been backed 
up. 

¢ Perform Maintenance Purges on Caching/Remote: On the Disk Space Management page 
(Tools > GroupWise Utilities > Client Options > Send > Disk Space Management) in 
ConsoleOne, you can limit the size of users’ Online mailboxes. You can now enforce the same 
mailbox size limits on users’ Caching and Remote mailboxes, wherever those mailboxes are 
located. 


The size limit is applied to users’ Caching and Remote mailboxes regardless of the amount of 
available disk space on users’ hard drives. The size limit is applied the next time the 
GroupWise Windows client synchronizes with users’ Online mailboxes. Because users might 
lose items that they have been storing locally when the size limit is enforced, you should warn 
users that size limits are going to be placed on their local Caching and Remote mailboxes. 


Environment Options: Appearance 


The Appearance options determines the appearance of the GroupWise Windows client. 
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Figure 65-6 Environment Options Dialog Box with the Appearance Tab Open 
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Schemes 
There are three available schemes that determine how the GroupWise Windows Client appears. 
+ Default: Displays the Main Menu, Toolbar, full Folder list, the Nav Bar, and the Sky Blue 
color scheme. 


+ GroupWise 6.5: Looks just like the 6.5 client. It displays the Main Menu, Toolbar, and the full 
Folder list. 


+ Simplified: Displays the Sky Blue color scheme, the Nav bar, and the simple Folder list. 


Individual Settings 
You can also control individual appearance settings for the GroupWise Windows client. 


+ Display Main Menu: Displays at the top of the window in the GroupWise client. 
+ Display Nav Bar: Displays at the top of the window in the Group Wise client. 
¢ Display Main Toolbar: Displays underneath the Navigation bar in the GroupWise client. 


* GroupWise Color Scheme: Overrides any operating system color schemes for the GroupWise 
client. You can select Blue, Olive Green, Silver, Sky Blue, Spring Green, or Sterling Silver. 


+ 


Display Folder List: Displays the Folder list on the left side of the window in the Group Wise 
client. You can select from a Simple Folder List or a Full Folder List. If you are using the 
GroupWise 6.5 Look, you can also select to view the Long Folder List. 


+ 


Display QuickViewer: Displays the QuickViewer in the GroupWise client. You can select to 
display the QuickViewer on the right side or at the bottom. 


Environment Options: Retention 


The Retention tab is displayed only if the Provides Message Retention Service setting is turned on 
for a trusted application. For information, see Section 4.12, “Trusted Applications,” on page 69. 
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Message retention is configurable by administrators only, not by GroupWise users. The Retention 
options do not display in the GroupWise client. 


Figure 65-7 Environment Options Dialog Box with the Retention Tab Open 
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Enable Message Retention Service 


Select this option to enable the Message Retention Service. If you are setting client options for a 
domain, all user mailboxes in the domain support message retention. Likewise, if you are setting 
options for a post office, all user mailboxes in the post office support message retention. After a 
user’s mailbox is enabled for message retention, the user cannot perform any action (purging, 
archiving, etc.) that removes messages from the mailbox until the messages have been copied to 
another storage location by a trusted application that has been designed to provide the Message 
Retention Service. 


Environment Options: Junk Mail 


The Junk Mail Handling Environment options determine the junk mail handling functionality of the 
GroupWise client. 
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Figure 65-8 Junk Mail Tab in the Environment Options Dialog Box 
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Junk Mail Handling 


Select Enable Junk Mail Handling to enable junk mail handling. This setting determines whether or 
not the Junk Mail Handling feature is available for a user. This setting affects both the client and the 
POA. Junk Mail Handling allows users to block or “junk” unwanted Internet e-mail. When this 
setting is disabled, the client does not display any Junk Mail Handling menus or dialog boxes, and 
the POA does not perform any junk mail handling for the user. When this setting is enabled, the 
client displays Junk Mail Handling menus and dialog boxes, and the POA performs junk mail 
handling if the block and junk lists are also enabled. 


Enable Junk Mail Using Junk Mail Lists 


Select this option to cause junking based on e-mail addresses and domain names available to users. 
A user can junk e-mail from a specific Internet e-mail address or from an entire Internet domain, 
when the e-mail addresses and Internet domains are listed in the user’s Junk List. (Initially, there are 
no entries in a user’s junk list.) Junked items are delivered to the Junk Mail folder in the user’s 
Mailbox. 


When this setting is enabled or disabled and not locked, the user’s initial setting to use the Junk List 
is enabled or disabled. Users can change the setting. When the setting is enabled and locked, a user's 
Enable Junk List setting is enabled and cannot be disabled. When the setting is disabled and locked, 
the Junk List is unavailable to the user. Client menu options and dialog boxes involving the Junk 
List are not displayed. 


Enable Junk Mail Using Personal Address Book 


Select this option to cause junking based on personal address book entries available to users. A user 
can junk e-mail from all users whose addresses are not in any personal address books (including 
Frequent Contacts) without building a Junk List. 


When this setting is enabled or disabled and not locked, the user’s initial setting to use personal 
address books is enabled or disabled. Users can change the setting. When the setting is enabled and 
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locked, a user's Enable Junk Mail Using Personal Address Book setting is enabled and cannot be 
disabled. When the setting is disabled and locked, this option is unavailable to the user. 


Auto-Delete After 


Select this option and specify the number of days after which you want junked items to be 
automatically deleted from users' mailboxes. The default is 14 days. 


When this setting is enabled or disabled and not locked, the user's initial setting to delete junked 
items is enabled or disabled. Users can change the setting. When the setting is enabled and locked, a 
user’s Automatically Delete Items setting is enabled and cannot be disabled. When the setting is 
disabled and locked, this option is unavailable to the user. 


Enable Blocked Mail Using Block Mail Lists 


Select this option to make blocking available to users. A user can block e-mail from an Internet e- 
mail address or Internet domain, when blocked e-mail addresses and Internet domains are listed in 
the user's Block List. (Initially, there are no entries in a user's Block List.) Blocked items are blocked 
when the POA processes delivery to the user's mailbox, and the items are never delivered to the 
user's mailbox. When the POA log uses verbose mode, the log displays information about blocked 
items. 


When this setting is enabled or disabled and not locked, the user’s initial setting to use the Block List 
is enabled or disabled. Users can change the setting. When the setting is enabled and locked, a user's 
Block List setting is enabled and cannot be disabled. When the setting is disabled and locked, 
blocking is unavailable to the user. Client menu options and dialog boxes involving the Block List 
are not displayed. 


65.2.2 Modifying Send Options 


1 Ifthe Send Options dialog box is not displayed, follow the instructions in Section 65, “Setting 
Defaults for the GroupWise Client Options,” on page 1045 to display the dialog box. 
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2 Click the tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Send Options: Send Options” on page 1063 

“Send Options: Mail” on page 1065 

“Send Options: Appointment” on page 1066 

“Send Options: Task” on page 1067 

“Send Options: Note” on page 1068 

“Send Options: Security” on page 1069 

“Send Options: Disk Space Management” on page 1071 
“Send Options: Global Signature” on page 1072 


NOTE: To see which Send options are recognized by the Cross-Platform client, refer to the 
client options table in Section 65.1, “Client Options Summary,” on page 1045. 





3 If you want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, 
the post office level, or the user level. 


4 If you want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When finished, click OK to save your changes. 


Send Options: Send Options 


The Send Options determine general settings that apply to all GroupWise item types (mail messages, 
phone messages, appointments, tasks, and notes). 


Figure 65-9 Send Options Dialog Box with the Send Options Tab Open 
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Classification 


Select the default for the security classification label at the top of the message box. The 
classifications do not provide any encryption or additional security. They are meant to alert the 
recipient to the relative sensitivity of the item. The options are Normal, Proprietary, Confidential, 
Secret, Top Secret, and For Your Eyes Only. The default is Normal. 


Priority 


Select High, Standard, or Low as the default item priority. Priority determines which post office 
directory an item is placed in. This, in turn, determines how quickly items are delivered. High 
priority items are queued ahead of normal or low priority items. 


Reply Requested 


Select the Reply Requested option to have items always include a reply request. By default, this 
option is disabled. If you enable the option, select whether the recipient is asked to reply when it is 
convenient or within a specific number of days. 


Allow Use of Reply to All in Rules 


Select this option to enable users to use the Reply to All action when creating rules. By default, this 
option is disabled, which means that only the Reply to Sender action is available. 


Allow Use of Internet Mail Tracking 


Select this option to allow users’ GroupWise clients to automatically embed information in Internet- 
bound items. The embedded information instructs the receiving system to send back a delivery 
notification message (if it is supported). By default, this option is enabled. 


To make Internet Status Tracking work, users must also turn on the setting in the GroupWise client 
(Tools > Options > Send Options > Mail > Enable Delivery Confirmation). By default, the Enable 
Delivery Confirmation is turned off in the Group Wise client. 


Expiration Date 


Select this option to have unopened messages expire after the specified number of days. By default, 
this option is disabled. 


Delay Delivery 


Select this option to delay the delivery of messages for the specified number of days. For example, if 
you specify 3 days, a message is not delivered until 3 days after the day it is sent. Messages are 
delivered at 12:01 a.m. of the appropriate day. By default, this option is disabled. 


Wildcard Addressing 


Wildcard addressing enables a user to send an item to all users in a post office, domain, Group Wise 
system, or connected Group Wise system by inserting asterisks (*) as wildcards in e-mail addresses. 
+ Not Allowed: Select this option to disable wildcard addressing. 


¢ Limited to Post Office (Default): Select this option to limit wildcard addressing to the user’s 
post office. This means that a user can send an item to all users on the same post office by 
entering * in the item’s address field. 
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¢ Limited to Domain: Select this option to limit wildcard addressing to the user’s domain. This 
means that a user can send an item to all users in the domain by entering *.* in the item’s 
address field. A user can also send an item to all users on another post office in the domain by 
entering *.post office name in the item’s address field. 


+ Limited to System: Select this option to limit wildcard addressing to the user’s GroupWise 
system. This means that a user can send an item to all users in the GroupWise system by 
entering *.*.* in the item’s address field. A user can also send an item to all users in another 
domain by entering *.domain_name or to all users in another post office by entering 
* post_office_name. 

¢ Unlimited: Select this option to allow unlimited use of wildcard addressing. This means that a 
user can send an item to all users in another GroupWise system by entering 
* post_office_name.domain_name or *.domain_name in the item’s address field. 


Notify Recipients 


Select this option to have recipients notified when they receive an item, if they are using Group Wise 
Notify. By default, this option is enabled. 


Convert Attachments 


Select this option to allow conversion of attachments in items sent to non-Group Wise e-mail 
systems through a GroupWise gateway. 


Allow Reply Rules to Loop 


By default, GroupWise does not allow a rule-generated reply to be replied to by another rule- 
generated reply. This situation, referred to as looping, can quickly increase message traffic. To allow 
reply rules to loop, select this option. 


Send Options: Mail 
The Mail options apply to mail and phone messages only. 


Figure 65-10 Send Options Dialog Box with the Mail Tab Open 
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Create a Sent Item to Track Information 


By default, items the user sends are inserted in the user’s Sent Items folder. Deselect this option if 
you do not want the items placed there. If items are not placed in the Sent Items folder, users cannot 
check the delivery status of the item. The following options are available only if this option is 
selected. 


¢ Delivered: Select this option to track delivered status only. The user can open the Properties 
window of the message to view the status. 


+ Delivered and Opened (Default): Select this option to track delivered and opened status only. 
The user can open the Properties window of the sent message to view the status. 


+ All Information: Select this option to track all status information (delivered, opened, deleted, 
emptied). The user can open the Properties window of the message to view the status. 


+ Auto-Delete Sent Item: Select this option to automatically delete messages from the user's 
Mailbox after all the recipients have deleted the messages and emptied them from the Trash. 


Return Notification 


In addition to status tracking information, the user can receive notification when a message is 
opened or deleted. Choose from the following notification options: 
+ None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened or deleted the 
message. 


+ Notify: The user receives notification through GroupWise Notify when the recipient opens or 
deletes the message. 


¢ Notify and Mail: The user will receive notification through GroupWise Notify and a mail 
message. 


Send Options: Appointment 


The Appointment options apply to appointments only. 
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Figure 65-11 Send Options Dialog Box with the Appt Tab Open 
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Create a Sent Item to Track Information 


The setting for this option is inherited from the setting on the Mail tab; it can only be enabled or 
disabled on the Mail tab. Ifthe option is enabled, you can choose from the following status tracking 
levels: 


¢ Delivered: Select this option to track delivered status only. The user can open the Properties 
window of the appointment to view the status. 


¢ Delivered and Opened: Select this option to track delivered and opened status only. The user 
can open the Properties window of the appointment to view the status. 


¢ All Information (Default): Select this option to track all status information (delivered, 
opened, deleted, emptied). The user can open the Properties window of the appointment to 
view the status. 


Return Notification 


In addition to status tracking information, the user can receive notification when an appointment is 
opened, accepted, or deleted. Choose from the following notification options: 
+ None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened, accepted, or 
deleted the appointment. 


+ Notify: The user receives notification through GroupWise Notify when the recipient opens, 
accepts, or deletes the appointment. 





+ Notify and Mail: The user receives notification through GroupWise Notify and a mail 
message. 


Send Options: Task 


The Task options apply to tasks only. 
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Figure 65-12 Send Options Dialog Box with the Task Tab Open 
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Create a Sent Item to Track Information 


The setting for this option is inherited from the setting on the Mail tab; it can only be enabled or 
disabled on the Mail tab. If the option is enabled, you can choose from the following status tracking 
levels: 


¢ Delivered: Select this option to track delivered status only. The user can open the Properties 
window of the task to view the status. 


¢ Delivered and Opened: Select this option to track delivered and opened status only. The user 
can open the Properties window of the task to view the status. 


¢ All Information (Default): Select this option to track all status information (delivered, 
opened, deleted, emptied). The user can open the Properties window of the task to view the 
status. 


Return Notification 


In addition to status tracking information, the user can receive notification when a task is opened, 
accepted, completed, or deleted. Choose from the following notification options: 
+ None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened, accepted, 
completed, or deleted the task. 


+ Notify: The user receives notification through GroupWise Notify when the recipient opens, 
accepts, completes, or deletes the task. 





+ Notify and Mail: The user receives notification through GroupWise Notify and a mail 
message. 


Send Options: Note 


The Note options apply to notes only. 
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Figure 65-13 Send Options Dialog Box with the Notes Tab Open 
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Create a Sent Item to Track Information 


The setting for this option is inherited from the setting on the Mail tab; it can only be enabled or 
disabled on the Mail tab. Ifthe option is enabled, you can choose from the following status tracking 
levels: 


¢ Delivered: Select this option to track delivered status only. The user can open the Properties 
window ofthe note to view the status. 


+ Delivered and Opened (Default): Select this option to track delivered and opened status only. 
The user can open the Properties window of the note to view the status. 


+ All Information: Select this option to track all status information (delivered, opened, deleted, 
emptied). The user can open the Properties window of the note to view the status. 


Return Notification 


In addition to status tracking information, the user can receive notification when a note is opened or 
deleted. Choose from the following notification options: 
+ None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened or deleted the 
note. 


¢ Notify: The user receives notification through GroupWise Notify when the recipient opens or 
deletes the note. 





+ Notify and Mail: The user receives notification through GroupWise Notify and a mail 
message. 


Send Options: Security 


The Security options apply to all GroupWise item types (mail messages, phone messages, 
appointments, tasks, and notes). 
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Figure 65-14 Send Options Dialog Box with the Security Tab Open 
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Conceal Subject 


Select this option to conceal the item’s subject so the notification that appears on the recipient’s 
screen does not include the subject. The subject of the item is also concealed in the recipient’s 
mailbox and the sender’s Sent Items folder. It is visible only when the item is being read. 


Require Password to Complete Routed Item 


Select this option to require a user to enter a password before completing a routed item. 


Secure Items Options 


If users have installed security providers on their workstations, select the options you want them to 
use. 


+ Do Not Allow Use of S/MIME: Select this option to disable S/MIME functionality. This 
disables the Encrypt and Digitally Sign buttons (and other related S/MIME functionality) in the 
Group Wise client. By default, this option is enabled. When it is enabled, you can modify the 
rest of the options in the dialog box. 


¢ URL for Certificate Download: Specify the Internet address of your preferred certification 
authority. If not otherwise changed in this field, the GroupWise client accesses http:// 
www.novell.com/groupwise/certified.html, which lists several common certification 
authorities. 


¢ Sign Digitally: Select this option to enable users to add a digital signature to their outgoing 
messages. Recipients of a digitally-signed item who have S/MIME-enabled e-mail products are 
able to verify that the item is actually from the sender. This setting is not a useful security 
measure unless you lock it as the default. 


¢ Encrypt for Recipients: Select this option to enable users to encrypt an outgoing item so they 
can ensure that the intended recipients who have an S/MIME-enabled e-mail product are the 
only individuals who can read the item. This setting is not a useful security measure unless you 
lock it as the default. 
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If you enable the Encrypt for Recipients options, you can set the encryption algorithm and key 
size. The available algorithm methods (RC2, RC4, DES, 3DES) are trusted algorithms that 
encrypt or transform data to mask the original content. The key size sets the default size (in 
bits) of the encryption key that is used with the algorithm you select. These settings are not 
useful security measures unless you lock them. 


Send Options: Disk Space Management 


The Disk Space Management options let you enforce disk space limitations for users on a post 
office. 


Figure 65-15 Send Options Dialog Box with the Disk Space Management Tab Open 
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User Limits 


Select this option if you want to impose limits on the size of users’ mailboxes or the size of 
messages they can send. By default, this option is disabled. If you enable it, you can modify the 
following options: 


+ Mailbox Size Limit: Specify the maximum amount of post office disk space available to users 
for storing message and attachment files. The setting uses logical disk space because 
attachments are shared by all recipient users on the same post office. Messages in shared 
folders are counted as disk space only for the owner of the shared folder. If you do not want to 
limit the mailbox size, set the value to zero (0). 


If users meet or exceed their mailbox size limits, they cannot send items until their mailboxes 
are under the size limit. Users can reduce the size of their mailboxes by deleting or archiving 
items. 


¢ Threshold for Warning Users: Select the mailbox capacity (as a percentage) that must be 
reached before the user is warned that his or her mailbox is reaching its limit. For example, if 
the mailbox size limit is 200 MB and the threshold is set at 75%, users receive warnings when 
their mailboxes reach 150 MB. Set the value to 0 or 100 if you do not want users to receive a 
warning. 
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+ Maximum Send Message Size: Specify the maximum size of a message (in kilobytes) that a 
user can send using the GroupWise client. If the user sends an item that exceeds this size, a 
message notifies the user that the item is too large to send. 


You can also set message size limits at the post office level through POA configuration, at the 
domain level through MTA configuration, and at the GroupWise system level through Internet 
Agent configuration, as described in Section 12.3.4, “Restricting the Size of Messages That 
Users Can Send,” on page 185. 


+ Limits Apply to Cache: Use the same disk space limits for users’ Caching mailboxes on local 
workstations as you are using for their Online mailboxes in the post office. If you impose this 
limit on users who have existing Caching mailboxes, their Caching mailboxes might be 
reduced in size in order to meet the new disk space limit. Such users should be warned in 
advance so that they can back up their Caching mailboxes before the size reduction takes place. 
Otherwise, user could lose messages that they want to keep. 


+ Notify the Administrator When Threshold Limit Is Exceeded: Select this option so that 
the administrator is notified along with the user when the user’s mailbox exceeds the size 
established in the Threshold for Warning Users field. The administrator who receives the 
notification must be defined on the Identification page of the Domain object. 


+ Notify the Administrator When Size Limit Is Exceeded: Select this option so that the 
administrator is notified when the user’s mailbox exceeds the size established in the Mailbox 
Size Limit field. The administrator who receives the notification must be defined on the 
Identification page of the Domain object. 


Send Options: Global Signature 


The Global Signature option lets you set the global signature. To set options at the domain level, 
select a domain. To set options at the post office level, select a post office. To set options for 
individual users, select one or more users. 


Figure 65-16 Send Options Dialog Box with the Global Signature Tab Open 
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Global Signature 
1 Select a global signature to append to users’ messages. 
When enabled, global signatures are automatically appended to every message that is sent by 
the users. For more information, see Section 4.14, “Global Signatures,” on page 71. 


2 Select Apply the signature to all messages to add the signature to all internal or external 
messages. 


or 
Select Apply signature to external messages only to apply the signature to messages that are 
sent through the GroupWise Internet Agent. 


If you select Default Global Signature, the default signature that is used by the GroupWise Internet 
Agent is applied. If you select None, then no signature is applied. 





NOTE: All Global Signature options pertain only to the Windows client. 





65.2.3 Modifying Security Options 


1 Ifthe Security Options dialog box is not displayed, follow the instructions in Section 65, 
“Setting Defaults for the GroupWise Client Options,” on page 1045 to display the dialog box. 
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2 Click the tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Security Options: Password” on page 1074 
“Security Options: Macros” on page 1075 
“Security Options: Notify” on page 1076 





NOTE: To see which Security options are recognized by the Cross-Platform client, refer to the 
client options table in Section 65.1, “Client Options Summary,” on page 1045. 





3 Ifyou want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, 
the post office level, or the user level. 
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4 If you want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When finished, click OK to save your changes. 
Security Options: Password 


The Password options let you reset a user’s password and enable various methods by which a user 
can set up the Group Wise client so that he or she doesn’t have to enter a password at startup. 


Figure 65-17 Security Options Dialog Box with the Password Tab Open 
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For background information about passwords, see Chapter 70, “GroupWise Passwords,” on 
page 1115. 


Enter New Password 


This option is available only when setting client options for an individual user. You can use this 
option to set or reset a user's password. You should advise the user to change the password as soon 
as possible. 


Retype Password 


This option is available only when setting client options for an individual user. If you enter a new 
password, verify it by retyping it in this field. 


Clear User Password 


This option is available only when setting client options for an individual user. Select the option to 
clear an existing password without assigning a new password. 


Allow Password Caching 


Select this option to allow users to enable the Remember My Password option under Security options 
in the GroupWise client. The Remember My Password option stores the user's password in the 
workstation's Windows password list so that the user does not need to enter the password when 
starting GroupWise. This option is enabled by default. 
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The Remember My Password option applies to Windows 95/98/ME only. It is not displayed to users 
running the GroupWise client on Windows 2000/XP/2003. Because Windows 95/98/NT are not 
supported platforms for the latest client release, this option is for older versions of the client. 


Allow eDirectory Authentication Instead of Password 


Select this option to allow users to select the No Password Required with eDirectory option under 
Security options in the GroupWise client. When this option is selected in the client, the user can 
access his or her mailbox without requiring a password if he or she is already logged in to Novell 
eDirectory. Mailbox access is granted based on eDirectory authentication, not on password 
information. 





NOTE: In versions of GroupWise prior to the GroupWise 5.5 Enhancement Pack, this option was 
called Allow NDS Single Sign-on. The option name has been changed to avoid confusion with the 
Novell Single Sign-on product. 





Enable Single Sign-On 


Select this option to give users the Use Single Sign-on option under Security Options in the 
GroupWise client. This option lets the user access his or her mailbox without reentering the 
password. After a user selects Use Single Sign-On in the GroupWise client, the GroupWise 
password is stored in eDirectory for the currently logged-in user. 





IMPORTANT: Novell Single Sign-on must be installed on the user’s workstation in order for this 
option to take effect. 





Use Collaboration Single Sign-on (CASA) 


Select this option to give users the Use Collaboration Single Sign-on (CASA) option under Security 
Options in the GroupWise Windows client. This option lets the user access his or her mailbox 
without reentering the password if the Collaboration Single Sign-on (CASA) software is installed. 
After a user selects Use Collaboration Single Sign-On (CASA) in the Group Wise client and if the 
CASA client is installed, the GroupWise password is stored for the currently logged-in user. 


Security Options: Macros 


The Macros option determines how GroupWise handles macros that are included in received 
messages. 
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Figure 65-18 Security Options Dialog Box with the Macros Tab Open 
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View Macro Security 
Choose from the following settings to determine the level of macro security: 
+ Always Play Received Macros: Select this option to play attached macros when the message 
is opened. 


+ Never Play Received Macros: Select this option to ignore attached macros. Macros do not 
play. 

+ Always Prompt Before Playing a Macro (Default): Select this option to have the user 
prompted to play the macro. 


Security Options: Notify 


The Notify option determines how often GroupWise Notify checks a user’s mailbox for newly 
received items. If new items are detected, the user is notified. The default is every minute. 


Figure 65-19 Security Options Dialog Box with the Notify Tab Open 
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65.2.4 Modifying Date and Time Options 


1 Ifthe Date and Time Options dialog box is not displayed, follow the instructions in Section 65, 
“Setting Defaults for the GroupWise Client Options,” on page 1045 to display the dialog box. 
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2 Click the tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Date and Time Options: Calendar” on page 1077 
“Date and Time Options: Busy Search” on page 1079 


NOTE: The Date and Time options are not currently recognized by the Cross-Platform client. 





3 Ifyou want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, 
the post office level, or the user level. 


4 Ifyou want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When finished, click OK to save your changes. 


Date and Time Options: Calendar 


The Calendar options determine basic settings for the GroupWise Calendar. 
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Figure 65-20 Date and Time Options Dialog Box with the Calendar Tab Open 
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Month Display Option 
Select from the following options to determine how the month calendar is displayed: 


¢ First of Week: Select the day of the week that you want to display as the first day on the 
calendar. 


¢ Highlight Day: Select any days you want highlighted, such as weekends and holidays. 


+ Show Week Number: Select this option to display the week number (1 through 52) at the 
beginning of the calendar week. 


Appointment Options 
Select from the following options to determine how appointments are handled: 


+ Include Myself on New Appointments: Select this option to have the sender automatically 
included in the appointment’s To: list. This option is enabled by default. 


¢ Display Appointment Length As: When creating an appointment, the sender must specify the 
appointment’s length. You can use this option to determine whether the sender enters a duration 
for the appointment or an end time for the appointment. Select the Duration setting to have 
appointments display a Duration field that the sender must fill in (for example, 30 minutes, 1 
hour, or 10 hours). Select the End Date and Time setting to have appointments display End 
Date and Time fields that the sender must fill in (for example, June 3, 2007 and 10:00 a.m.). 
The default setting is Duration. 


¢ Default Length: Select the default length for appointments. Users can change the length. If the 
appointment’s length is displayed as a duration, the duration defaults to this length. If it is 
displayed as an end date and time, the end time defaults to the start time plus the default length 
(for example, if the start time is 9:00 a.m. and the default length is 1 hour, the end time defaults 
to 10:00 a.m). 
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Alarm Options 


Users can set appointment alarms so that they are notified prior to an appointment time. Select from 
the following options to determine the default settings for an alarms: 


+ Set Alarm When Accepted: Select this option to have an alarm automatically set when the 
user accepts an appointment. By default, this option is enabled. 


+ Default Alarm Time: Select the number of minutes before an appointment to notify the user. 
The default is 5 minutes. 


Work Schedule 


The work schedule determines the user’s normal work days and hours. In the calendar and during 
busy searches, any days or hours outside of the work schedule are represented by gray squares (Out 
of Office). Users can still be scheduled for appointments during non-work hours. 

¢ Start Time: Select the daily start time. The default is 8:00 a.m. 

+ End Time: Select the daily end time. The default is 5:00 p.m. 

+ Work Days: Select the work days. The start time and end time are applied to each work day. 


Date and Time Options: Busy Search 


The Busy Search options determine the amount of free time required for the appointment and the 
range of dates to search. 


Figure 65-21 Date and Time Options Dialog Box with the Busy Search Tab Open 


Date Time Options: Provo2 


Calendar i 
Appointment Length Days to Search 


Appointment Length 0 hours 15 Srintes ion | IV Monday cS 


[V Tuesday 





[V Wednesday 
Range and Time to Search 
IV Thursday 


Search Range: 7 Shays [V Friday 
From: 3:00 AM a 
Saturday 
To: 5:00 PM I Sunday 


Restore Default Settings 











EEA Cancel Help 





Appointment Length 


Set the default appointment length to search. You can set the length in 15-minute increments. The 
default is 15 minutes. This setting is used only when the user does a busy search through the Busy 
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Search option on the Tools menu. Otherwise, the default appointment length defined on the 
Calendar tab is used (see “Date and Time Options: Calendar” on page 1077). 


Range and Time to Search 


Specify the number of days to include in the search, then set the daily start and end times for the 
search. 


Days to Search 


Select the days to search. By default, the typical work days (Monday through Friday) are selected. 


65.3 Resetting Client Options to Default Settings 


You can reset client options to the defaults for one or more users using Mailbox/Library 
Maintenance. 
1 In ConsoleOne, select one or more User objects (or GroupWise External Entity objects). 
2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 
3 Inthe GroupWise Objects list, select Users/Resources. 
4 Inthe Actions list, select Reset Client Options, then click Run. 
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Distributing the GroupWise Client 66 


You can distribute the GroupWise® client software in various ways: 
+ Section 66.1, “Using GroupWise AutoUpdate and SetupIP to Distribute the GroupWise 
Windows Client,” on page 1081 


+ Section 66.2, “Using ZENworks Desktop Management to Distribute the GroupWise Windows 
Client,” on page 1095 


+ Section 66.3, “Using Novell ZENworks Linux Management to Distribute the Group Wise 
Cross-Platform Client,” on page 1101 


66.1 Using GroupWise AutoUpdate and SetuplP 
to Distribute the GroupWise Windows Client 


During installation and subsequent updates, the GroupWise® 7.x Windows client Setup program 
(setup.exe) by default requires user intervention at the workstation in order to install the client 
software. However, by using a setup configuration file (setup. cfg), you can simplify or 
eliminate the user responses during installation, and you can cause installations and updates to occur 
at specific times. 


With AutoUpdate enabled, users are prompted to update their Windows client software, but they are 
not required to update and they can turn off the update prompt. If you want, you can force users to 
update their client software immediately, or you can allow them a specified number of grace logins 
to the existing version before you force them to update. This allows you to maintain current versions 
of the Windows client software on the network. 


By default, AutoUpdate requires user workstations to have a mapped drive to the client \win32 
directory in the software distribution directory. However, with SetupIP enabled, users can install the 
Windows client software by way of a TCP/IP connection to a Web server and a mapped drive is not 
necessary 

+ Section 66.1.1, “Preparing to Use AutoUpdate,” on page 1082 

+ Section 66.1.2, “Using the Setup Configuration File,” on page 1085 

+ Section 66.1.3, “Modifying the Setup Configuration File,” on page 1085 

+ Section 66.1.4, “Adding LDAP Directory Service Accounts,” on page 1091 

+ Section 66.1.5, “Testing Your AutoUpdate Configuration,” on page 1092 

+ Section 66.1.6, “Enabling AutoUpdate,” on page 1093 

+ Section 66.1.7, “Modifying the addon.cfg File,” on page 1094 

+ Section 66.1.8, “Error Log File,” on page 1095 





NOTE: This section does not apply to the Cross-Platform client. 
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66.1.1 Preparing to Use AutoUpdate 


Your preparation for implementing AutoUpdate depends on whether users install the Windows 
client software from a mapped drive or a TCP/IP connection. 
+ “Verifying the Windows Client Software in the Software Distribution Directory” on page 1082 
+ “Accessing the Windows Client Software from a Mapped Drive” on page 1082 


+ “Accessing the Windows Client Software from a TCP/IP Connection to a Web Server” on 
page 1083 


Verifying the Windows Client Software in the Software Distribution Directory 


In order for AutoUpdate to function correctly, the Windows client software must be available in the 
client subdirectory of the software distribution directory that is assigned to each post office on 
the Post Office Settings property page of each Post Office object. 


Properties of Development 


‘GroupWise "| NDS Rights + | Other | Rights to Files and Folders 
Pest Cuca Settings 





Network Type: Novell NetWare 





Software Distribution Directory: GroupWise 7 Software 





Access Mode: Client/Server Only 





Le} Leh Led Le 





Delivery Mode: Use App Thresholds 





Max Age for Address Book Updates: 15 4 days 


I” Disable Live Move 
Restore Area: (Not Set) 


Remote File Server Settings 





Remote User Name: | 


Remote Password: Set Password 





Page Options... | Cancel | 





During the initial installation of the GroupWise Administration component, the Windows client files 
are copied to the software distribution directory on one server. For example, if you accepted the 
default z: \grpwise\software as your target, the Windows client software was copied to 
z:\grpwise\software\client\win32. 


Depending on the size of your GroupWise system, you might have created additional software 
distribution directories after your initial installation, as described in Section 4.9, “Software 
Directory Management,” on page 64. Before you enable AutoUpdate, ensure that all software 
distribution directories contain the Windows client software that you want to distribute to users. 


Accessing the Windows Client Software from a Mapped Drive 


If you want to use AutoUpdate to install the Windows client software from a software distribution 
directory on a mapped drive, users must be given Read and File Scan rights to the following 
directories: 

software distribution directory\client 

software distribution directory\client \win32 
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In addition, when AutoUpdate runs, user workstations must have a drive mapped to the following 
directory: 


software distribution directory\client\win32 





Skip to Section 66.1.2, “Using the Setup Configuration File,” on page 1085. 


Accessing the Windows Client Software from a TCP/IP Connection to a Web Server 


If you want to enable SetupIP so that users do not need a mapped drive to the software distribution 
directory, you must configure your Web server to provide the Windows client software to users. You 
can make the Windows client software available on as many as five Web servers. This section walks 
you through setting up and testing the first Web server. Repeat the procedure as needed for 
additional Web servers. 


1 Create a subdirectory in the documents directory of your Web server for the Windows client 


software: 

Web Server Documents Directory 

Apache 2 on NetWare® 6.5 sys:\apache2\htdocs 

Apache 1.3 on NetWare 6 sys: \apache\nwdocs 

Netscape Enterprise Server for NetWare on sys: \novonyx\suitespot\docs 
NetWare 6 

Apache 2.2 on Linux /srv/www/htdocs 


Microsoft Internet Information Server (IIS) 5 on  \inetpub\wwwroot 
Windows Server 2000/2003/2003 R2 


For example, you could create a subdirectory named gw7client in the documents directory 
of your Web server. 


2 Inthe new client directory, create a win32 directory. 


3 Browse to the following directory: 


software distribution directory\admin\utility\setupip 





4 Inthe setupip directory, run writeip.exe. 


IP Addresses 
. fhttp:#/x.x.x.x/Client Cancel 




















Choose IP addresses at random. 


Download Options 
Download to a temporary directory. 


© Download to a specific directory. 
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4a In the IP Addresses list, specify the location of the client directory you created in Step 1 
above. 


For example, you could specify: 
http://172.16.5.18/gw7client 


or 
http://intranet.corporate.net/gw7client 


You can include proxy and port information, for example: 
http://intranet.corporate.net/gw7client;proxy.corporate:1690 


When you set up multiple Web servers, each location is checked in order during 
AutoUpdate, until a connection is made. If you select Choose IP Address at Random, the 
order in which the locations are checked is selected randomly when AutoUpdate occurs. 
This balances the load on each Web server. 


4b Select other download options as desired to control how the Windows client downloads 
the software from the Web server. 


Download to a Temporary Directory: Select this option if you want the Windows client 
to download the updated software, install it, then delete the temporary location so that no 
trace is left on each user's workstation. 


Download to a Specific Directory: Select this option if you want to control the directory 
on each user’s workstation where the Windows client software is downloaded. This option 
allows you to choose whether the installation image remains on each user’s workstation, 
the quantity of files to download, and whether each user can choose the location for the 
installation image. If you allow users to choose the location, users are prompted for the 
download directory. 


Ac Click OK. 


The writeip.exe program now creates a customized setupip.exe program. In 
addition, it creates a writeip. ini file that stores the options you selected when you 
ran writeip.exe. 


4d If you are installing in a multilingual environment and you want to suppress the language 
prompt during installation, add a section similar to the following to the writeip.ini 
file: 
[Language] 
ShowLanguageDialog=No 
Language=Yes 


where Language is on of the languages listed in the setup.cfg file. Adda 
Language line for each language that you want installed on each user’s workstation. 
Without this section in the writeip.ini file, users are prompted to choose among the 
available languages. 


5 From the setupip directory, copy the new setupip. exe file to the 
software distribution directory\client\win32 directory. 





6 Copy the setupip. fil file from the setupip directory to the new client directory you 
created on the Web server in Step 1. 


The setupip. fil file contains all of the Windows client software files that are language 
independent. 


7 To support the languages in use by Windows client users, copy setupip. xx files from the 
setupip directory to the client directory you created on the Web server in Step 1. 
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The setupip. xx files (where xx represents a two-letter language code) contain all of the 
Windows client software files that are language specific. 


8 Continue with Using the Setup Configuration File. 


66.1.2 Using the Setup Configuration File 


The setup configuration file (setup. cfg) is an ASCII text file that supports extended ASCII 
characters. Its default location is the following directory: 


software distribution directory\client 





This is not the same directory where the Windows client Setup program (setup.exe) is located: 





software distribution directory\client\win32 


Therefore, by default, when a user runs the Setup program, the user must respond to the prompts that 
the Setup program displays, because the setup configuration file is not available. 


The setup configuration file contains the responses normally provided by the user during the 
installation of'the Windows client software. For example, the path for the client files, the folder for 
the Group Wise icons, and whether to automatically launch Notify are specified in this file. In 
addition, information can be added to the setup configuration file to add predefined LDAP directory 
service accounts to the Address Book in the client during installation. 


If you modify the default setup configuration file and copy it to the same directory where the Setup 
program is located (that is, to the win 32 directory), the Setup program reads the setup configuration 
file and performs the installation according to the entries in the file. Depending on the entries in the 
setup configuration file, the user might or might not be prompted to provide information during the 
Windows client installation. 


66.1.3 Modifying the Setup Configuration File 


The setup configuration file (setup . cfg) is divided into the sections listed below. In the setup 
configuration file, each section head must be enclosed in brackets [ ] as shown in the list. 


Make a backup copy of the setup configuration file, then modify the file as needed so that the Setup 
program (Setup.exe) performs the Windows client software installation the way you want it to, 
when you enable AutoUpdate. 

+ “[GroupWiseSetup]” on page 1086 

+ “[ShowDialogs]” on page 1087 

+ “TAutoUpdate]” on page 1087 

+ “[Startup]” on page 1088 

+ “[GWTip]” on page 1089 

+ “[GWMailTo]” on page 1089 

+ “[PDAConnect]” on page 1089 

+ “[GWCheck]” on page 1090 

+ “[IntegrationApps]” on page 1091 

+ “[Languages)]” on page 1091 
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[GroupWiseSetup] 


+ “Version=” on page 1086 

+ “Path=” on page 1086 

+ “Folder=” on page 1086 

+ “LaunchMessenger=” on page 1086 
+ “LaunchNotify=” on page 1086 

+ “OutlookFirewallException=” on page 1086 
+ “TPAddress=” on page 1086 

+ “IPPort=” on page 1087 

+ “DefaultIPAddress=” on page 1087 
+ “DefaultIPPort=” on page 1087 

+ “StopService=” on page 1087 


Version= 


Specifies the Group Wise version being installed. It must match the actual version being installed; 
otherwise, the Setup program does not use the setup configuration file. The default is 7.0. 


Path= 


Specifies the path where you want GroupWise to be installed during a standard installation. The 
default path is c: \Novell\GroupWise. 


Folder= 


Specifies the Windows folder where GroupWise icons are created. The default is Novell 
GroupWise. 


On the Windows Start menu, icons are provided for the GroupWise client, Notify, and the 
GroupWise Address Book. 


LaunchMessenger= 


Specifies whether GroupWise Messenger should be launched when GroupWise starts. The default is 
No. 


LaunchNotify= 
Specifies whether GroupWise Notify should be launched when GroupWise starts. The default is No. 


OutlookFirewallException= 


Specifies whether Outlook should be added to the Windows XP Firewall exceptions list. The default 
is Yes, which adds Outlook to the exceptions list. 


IPAddress= 


Optionally specifies the IP address for the client to always use (as opposed to the first time it starts). 
Use this setting to set the IP address per post office when using multiple post offices. 
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IPPort= 


Optionally specifies the port for the client to always use (as opposed to the first time it starts) 


DefaultlPAddress= 


Optionally specifies the default IP address for the client to use the first time it starts. This should be 
an IP address that everyone on the system has access to (for example, ngwnameserver). 


DefaultlPPort= 


Optionally specifies the default port for the client to use the first time it starts. 


StopService= 

Optional stops a service and restarts the service after installation is complete. This is helpful when a 
particular service is preventing the installation from functioning properly. 

[ShowDialogs] 


+ “ShowDialogs=” on page 1087 
+ “ShowProgress=” on page 1087 
+ “Show Finish=” on page 1087 


ShowDialogs= 


Specify No to hide dialog boxes during the installation. Specify Yes to show the dialog boxes. The 
default is Yes. 


If an entry is missing from the setup configuration file and ShowDialogs=Yes, the Setup 
program selects the default setting. If ShowDialogs=No, the Setup program prompts the user for 
a selection. 


ShowProgress= 


Specify Yes to show the progress indicator during the installation. Specify No to hide the progress 
indicator during installation. The default is Yes. 


Show Finish= 


Specify Yes to display the Finish dialog box during the installation. Specify No to hide this dialog 
box. The default is Yes. 


[AutoUpdate] 


When an update to the Group Wise software is available, users are prompted if they want to install 
the new software when they start Group Wise. For complete instructions on enabling AutoUpdate, 
see Section 66.1.6, “Enabling AutoUpdate,” on page 1093. 

+ “Enabled=” on page 1088 

+ “SetupIPEnabled=” on page 1088 

+ “ForceUpdate=” on page 1088 

+ “GraceLoginCount=” on page 1088 
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+ “PromptUntilUpdated=” on page 1088 


Enabled= 


Specify Yes if you want users to be prompted to update their Windows client software as soon as a 
newer version is available. Specify No if you want to disable the AutoUpdate feature. The default is 
Yes. 


If you specify No, the ForceUpdate= entry below is ignored. This can be useful if you intend to 
distribute the client software by using a different method, such as ZENworks® Desktop 
Management, or if you want to disable AutoUpdate at the post office level during a migration to a 
newer version of GroupWise. 


SetuplPEnabled= 


Specify Yes if you want AutoUpdate to obtain the Windows client software from a Web server, as 
described in “Accessing the Windows Client Software from a TCP/IP Connection to a Web Server” 
on page 1083. The default is No, which means that AutoUpdate needs a mapped drive by default. 


ForceUpdate= 
Select Yes if you want Group Wise to automatically update the users’ software. The default is No. 


Users can still click Cancel to cancel the update. However, they cannot run the GroupWise client 
and access their mailboxes until they do update the client software. 


GraceLoginCount= 


Specify the number of grace logins allowed before you require the users to update their client 
software. The default is 0 (zero). 


If ForceUpdate is set to No above, this entry is ignored. 


PromptUntilUpdated= 


Specify Yes if you want GroupWise to prompt the user to update the client each time the 
GroupWise client starts, until the user does update the client software. The default is No, which 
means that, if the user chooses not to update the client software, the user is allowed to continue 
running the current version indefinitely. 


[Startup] 
+ “Notify=” on page 1088 
Notify= 


Specify Yes to place Notify in the Windows Startup folder so that it starts automatically when the 
computer starts. The default is No. 


In the Group Wise client, users can configure Group Wise to start Notify automatically by using Tools 
> Options > Environment > Launch Notify on Startup. 
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[GWTip] 


The Tip of the Day introduces what’s new in the GroupWise client, as well as displaying a variety of 
hints about using GroupWise. A new tip is displayed each time GroupWise is started. 


+ “Default=” on page 1089 
+ “Hide=” on page 1089 
Default= 
If you specify No, Tip of the Day is not installed. If you specify Yes, Tip of the Day is installed. The 
default is Yes. 
Hide= 
If you specify No, Tip of the Day appears in the Select Components dialog box. The default is No. 


The Hide= entry allows the system administrator to force the user to install or not install a 
particular component. If Hide=Yes, then the component is not listed in the Select Components 
dialog box and the Default= entry determines if the component is going to be installed. For 
example, if Hide=Yes and Default=Yes, then the component always is installed. However, if 
Hide=Yes and Default=No, then the component is never installed. 


[GWMailTo] 


This section enables Internet Browser Mail Integration, which makes the GroupWise client the 
default e-mail program in the user’s browser. Whenever a user clicks an e-mail link on a Web page 
or chooses Mail in the browser, the GroupWise client opens. 


Default= 


If you specify No, Internet Browser Mail Integration appears in the Select Components dialog box. 
The default is No. 
Hide= 


If you specify No, Internet Browser Mail Integration appears in the Select Components dialog box. 
The default is No. 


The Hide= entry allows the system administrator to force the user to install or not install a 
particular component. If Hide=Yes, then the component is not listed in the Select Components 
dialog box and the Default= entry determines if the component is going to be installed. For 
example, if Hide=Yes and Default=Yes, then the component is always installed. However, if 
Hide=Yes and Default=No, then the component is never installed. 


[PDAConnect] 


This section installs PDA Connect, which makes it possible to synchronize Group Wise with a PDA 
device. 


+ “Default=” on page 1090 
+ “Hide=” on page 1090 
» “Silent=” on page 1090 
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Default= 


If you specify No, PDA Connect is not installed. If you specify Yes, PDA Connect is installed. The 
default is No. 


Hide= 


If you specify No, the user sees the PDA Connect installation dialog boxes. If you specify Yes, the 
user does not see the PDA Connect dialog boxes. The default is No. 


The Hide= entry allows the system administrator to force the user to install or not install a 
particular component. If Hide=Yes, then the component is not listed in the Select Components 
dialog box and the Default= entry determines if the component is going to be installed. For 
example, if Hide=Yes and Default=Yes, then the component is always installed. However, if 
Hide=Yes and Default=No, then the component is never installed. 


Silent= 


If you specify No, the PDA Connect install runs normally. If you specify Yes, the PDA Connect 
install runs without user interaction and installs the translators for the device that is detected (Palm*, 
Pocket PC, or both). This setting also exists under 
\client\win32\addons\pdaconnect\addon. cfg. The default is No. 


PDA Connect is not an install option unless the user has either Palm Desktop or ActiveSync 
installed. 


[GWCheck] 


This section installs and enables GroupWise Check (GWCheck). GWCheck is a tool that performs 
maintenance and repair tasks on GroupWise databases in order to keep GroupWise running 
smoothly. 


GWCheck is a standalone version of the Mailbox/Library Maintenance feature available in 
ConsoleOne®. GWCheck checks and repairs Group Wise user, message, library, and resource 
databases without having ConsoleOne and the Group Wise snap-in loaded. In addition to checking 
post office, user, and library databases, it can also check remote and archive databases that cannot be 
accessed by ConsoleOne because they are not available on the network. 


+ “InstallGWCheck=” on page 1090 
+ “GWCheckEnabled=” on page 1090 
InstallGWCheck= 


Specify Yes to install GWCheck files to the workstation. Specify No to not install GWCheck. The 
default is Yes. 


GWCheckEnabled= 


Specify Yes to install the files to the same directory as the GroupWise client (grpwise.exe), 
which results in the Repair Mailbox option being enabled under the Tools menu in the client. Specify 
No to install the files ina GWCheck subdirectory below the GroupWise client directory, which 
disables the Repair Mailbox option until the files are manually copied into the GroupWise directory. 
The default is No. 
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[IntegrationApps] 
Group Wise installs integrations for the following applications, if found, unless the entry is set to No. 


+ Microsoft Excel 

+ Microsoft Word 

+ Microsoft PowerPoint 
+ Corel* Presentations* 
+ Corel Quattro Pro* 

+ Corel WordPerfect* 


[Languages] 


The default language is set to English, and all other languages are set to No, meaning that they are 
not installed. See the setup . cfg file for the list of languages. The Group Wise client might not yet 
be available in all listed languages. 


66.1.4 Adding LDAP Directory Service Accounts 


LDAP directory service accounts provide users with the ability to search directory services such as 
Bigfoot* for names of people. Each search can check potentially millions of names. After locating a 
name through a directory service search, users can add those names to their personal address books. 


You can add predefined LDAP directory service accounts to the Address Book by adding 
information to the setup configuration file. This information can be added even after the initial 
installation. After the accounts are added, this information does not need to be removed from setup 
configuration file. During subsequent installations, GroupWise adds any new accounts listed but 
does not update or duplicate existing LDAP accounts. 


The user can also choose to add LDAP directory service accounts after the GroupWise client is 
installed. 


To add an LDAP account during installation, add the following lines to the setup configuration file, 
providing information that is specific to the account: 

[LDAP Account 1] 

Description=Ldap Serverl 

Server=ldap.serverl.com 

Port=389 

SearchRoot=c=us 

Login=TRUE 





You can add multiple accounts: 


[LDAP Account 2] 
Description=Ldap Server2 
Server=ldap.server2.com 
Port=389 
SearchRoot=0=widget, c=us 
Login=FALSE 
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Table 66-1 LDAP Account Parameters 


Parameter Description 


Description= The name that displays in the list of LDAP directory services in the 


Address Book. 


Server= The LDAP server DNS hostname or IP address. 
Port= The LDAP directory service port number. The number is usually 389. 
SearchRoot= The base or root of the LDAP directory service where the user searches 


for names. For example, the base could be a country, organization, or 
other type of grouping. This is not required for all LDAP directory services. 
If a search root is required, the LDAP directory service provides the 
information. 


Login= TRUE means users are prompted for a username and password when 


they use the LDAP directory service. 


66.1.5 Testing Your AutoUpdate Configuration 


Before you enable AutoUpdate for client users, you should test the modifications you have made to 
the setup configuration file. 


1 


Copy the modified setup. c fg file from the client directory to the win32 directory in the 
software distribution directory. 


2 On your own workstation or a test workstation, run setup.exe in the win32 directory. 


If the Windows client installation goes as planned, continue with Step 5 if you are using 
SetupIP. 


or 


If client workstations will be updated from the same software distribution directory where you 
just tested the setup.exe program, skip to Section 66.1.6, “Enabling AutoUpdate,” on 
page 1093. 


If the Windows client installation does not go as planned, review your modifications to the 
setup.cfg file, as described in Section 66.1.3, “Modifying the Setup Configuration File,” on 
page 1085, then return to Step | repeat the test. 


After you can install successfully from the software distribution directory, copy the modified 
setup.cfg file from the client directory to the win32 directory on the Web server. 


E-mail the setupip.exe file to yourself. 
On your own workstation or a test workstation: 


Ta Make sure you are connected to the Internet, so that you can access the Web server where 
the Windows client software is located. 


7b Run setupip.exe. 


Because you have already tested your setup configuration file, installation from the 
Internet should also run as expected. 
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8 If you encounter problems with setting up AutoUpdate and SetupIP, more detailed background 
information and instructions are provided in: 


¢ TID 3730554: Novell GroupWise SetupIP Client Installation Guide in the Novell Support 
Knowledgebase (http://www.novell.com/support) 


+ Upgrading Clients to GroupWise 6 in a NetWare Environment (http://support.novell.com/ 
techcenter/articles/nc2001_12c.html) by Danita Zanre 


+ Consultants Corner: (Client) Push Comes to Shove (http://www.novell.com/ 
coolsolutions/feature/19506.html) by Gregg Hinchman 
Although these documents reference earlier versions of GroupWise, the AutoUpdate and 
SetupIP strategies still apply. 
9 When testing is successful, continue with Enabling AutoUpdate. 


66.1.6 Enabling AutoUpdate 


After you have customized the setup configuration file (setup .cfg) and tested it, you are ready 
to enable AutoUpdate. After AutoUpdate is enabled, Windows client users start experiencing client 
software updates the next time they start the Windows client. They might or might not be prompted 
and they might or might not see information displayed during the update, depending on your 
customized entries in the setup configuration file. 


1 In ConsoleOne, click Tools > GroupWise System Operations > Software Directory 
Management. 


KS Software Distribution Directory Management 


Software Distribution Directories: 
Name | UNC Path 
GroupWise 7 Software WEBD-NVisysigrpwiselsoftware 














2 Select the software distribution directory, then click Update. 


KS Update Software Distribution Directory 


I Update by copying from: 





ce Cancel 








e 








g 


T Force auto-update check by GroupWise components 





3 Select Force Auto-Update Check by GroupWise Components. 
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This causes the Group Wise client to check for a new version each time it starts. If a new 
version is found, the user is prompted to update the client software, unless you set 
ForceUpdate=Yes in the setup configuration file. 


If a mapped drive to the software distribution directory is found on the user’s workstation, the 
client software is installed from the mapped drive. If a mapped drive to the software 
distribution directory is not found on the user’s workstation, Group Wise checks the Web server 
locations you specified using writeip.exe and installs the client software from one of those 
locations. 


If no connection to the software distribution directory can be made, a setupip.err file is 
created in c: \windows of the user’s workstation. This file explains why none of the 
connections could be made. 


4 Repeat Step | through Step 3 for each software distribution directory where you have updated 
the software and modified the setup configuration file. 


66.1.7 Modifying the addon.cfg File 


The addon . cfg file is an ASCII text file that supports extended ASCII characters. The 
GroupWise client setup program uses the addon. cfg file to install additional components on 
users’ workstations. The components might include software not shipped with GroupWise. The 
addon . cfg is specific to each program being installed. The required program files and the 
associated addon. cfg file must be copied to a subdirectory under 

software distribution directory\client\win32\addons. 





During the client installation, the GroupWise setup program searches the subdirectories under the 
\addons directory for any addon. c fg files. The setup program then executes the installation 
program for that component by using the settings specified in addon. cfg. Ifan entry is missing in 
the addon . cfg file, the installation program prompts the user for the required information. 


The addon . cfg files for Internet Browser Mail Integration, PDA Connect, and Group Wise Tip of 
the Day are included in the corresponding subdirectories under addons, but the basic control for 
installing these two components is in the [GWMailTo], [PDAConnect], and [GWTip] sections 
of setup.cfg. 


For information about installing GroupWise Messenger as an additional component by modifying 
the addon.cfg file, see “Installing the Messenger Windows Client as a GroupWise Windows 
Client Add-On” in “Managing Messenger Client Users” in the Novell Messenger Administration 
Guide. 


When creating an addon . cfg file for a different component, you must include at least the 
following section headings and associated entries. If the installation program requires additional 
information, you can include that information as additional entries. The required entries are as 
follows: 


+ “[GroupWiseAddon]” on page 1094 
+ “[Name]” on page 1095 
+ “[Description]” on page 1095 


[GroupWiseAddon] 


This section head must be included with the following entries. 
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Table 66-2 GroupWise Add-On Parameters 











Entry Example 
Install=add-on setup program filename Install=setup.exe 
Parameters=parameters for add-on setup program Parameters=/install 
Silent=parameters for administrator-defined setup Silent=/s 
Size=installed add-on size in kilobytes Size=100 

[Name] 


Under this section head, specify the two-letter language code for the language being installed, 
followed by the name of the add-on. This name appears in the components listing. 


Example: US=GroupWise Tip of the Day 


[Description] 


Under this section head, specify the two-letter language code followed by a short description of the 
add-on. This description appears in the Description field when the component is selected in the 
component listing. 


Example: US=GroupWise Tip of the Day introduces new features and 
provides tips for using the GroupWise client. 





66.1.8 Error Log File 


If an error occurs during the installation and ShowDialogs=No, the error message is logged in 
gwsetup.err in the user’s \windows directory. IfErrorMessage=error text has been 
added as the last entry under the [GroupWiseSetup] section, the error text is displayed. 
Otherwise, a generic error message is displayed notifying the user to contact the system 
administrator. The log file is an ASCII text file. 





66.2 Using ZENworks Desktop Management to 
Distribute the GroupWise Windows Client 
You can use the Application Management functionality in Novell ZENworks Desktop Management 


to distribute the GroupWise Windows client to workstations. The following sections provide 
instructions: 


+ Section 66.2.1, “Creating a GroupWise Client Application Object,” on page 1096 
+ Section 66.2.2, “Using GroupWise 7 Tuner,” on page 1099 
¢ Section 66.2.3, “Configuring ZENworks to Use a Transform File,” on page 1101 





IMPORTANT: This information assumes that you are familiar with ZENworks Desktop 
Management. For background information, or for help completing the ZENworks tasks outlined in 
the steps below, see the ZENworks Desktop Management documentation at the Novell ZENworks 
Documentation Web site (http://www.novell.com/documentation-index/ 
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index.jsp?category=ZENworks). See also TID 3492700: Tips on Deploying GroupWise 7 MSI via 
ZENworks in the Novell Support Knowledgebase (http://www.novell.com/support). 





66.2.1 Creating a GroupWise Client Application Object 


The following steps explain how to use ZENworks Desktop Management to create a GroupWise 
client Application object from the .msi file. Depending on your version of ZENworks Desktop 
Management, the steps might be slightly different. If you want to change the default MSI 
installation, then you must use the GroupWise 7 Tuner program to create a custom transform file. 
For more information on how to use GroupWise 7 Tuner, see Section 66.2.2, “Using GroupWise 7 
Tuner,” on page 1099. 


1 In ConsoleOne®, right-click the container where you want to create the GroupWise client 
Application object, then click New > Object to display the New Object dialog box. 
2 Inthe list of objects, click Application, then click OK to display the New Application dialog 
box. 
New Application Object 


Create an Application object for: 


Novelle 
E ZENworkse 7 CA simple application (no .AOT/.AXT/.MSI file) 


© An application that has an AOTLAXT file 
C An application by using an existing Application object 


( A Web application 


CA Terminal Server application 


To continue, click Next. 





| Next > Cancel | | Help | 








3 Select An Application that Has an .msi File, then click Next to display the .msi file path page. 


New Application Object 


E Specify the path to the MSI file you want to use to create the Application object. 
E Novelle 
E ZENworkse 7 
E Path to MSI File: 
[4 iserverjsottwaretolientwvin321groupwise msi El 





To continue, click Next. 





< Back | Next > Cancel | | Help | 
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4 Inthe Path to .msi File field, browse for and select the groupwise.msi file. 


5 Click Next to display the Application object information page, then customize the object name, 
source path, and target path information if necessary. 


New Application Object 


Define the following information for the Application object. 
ov 
E ZENworkse 7 Object Name: 
E IGroupise Client 





Administration Package Path: 
J'iserverisoftwareiclientiwins2 








To continue, click Next. 





< Back | Next > | Cancel | | Help | 








Object Name: The name to be used for the Application object in eDirectory. You might want 
to use a descriptive name. 


Administration Package Path: The directory from which the GroupWise client will be 
installed. Specify the full path to the client directory (for example, 
\\serverl\voll\grpwise\software\client\win32). Unless all users will have 
the same drive mapping to the volume, make sure you use a UNC path. 


This path is saved as the Administration Package Path variable. If you need to change it later, 
you can do so on the Application object’s Sources page (Application object > Common > 
Sources). 

6 Click Next to display the rules to control availability of this application page, then modify the 
rules if necessary. 

New Application Object 


Add rules to control availability of this application. 
p Nove lle Type Subject Operator 
E ZENworkse 7 














I Always show icon 


Modify | Delete | 





To continue, click Next. 





= Back E 7 Cancel | | Help | 








7 Click Next to display the user associations page. 
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Add user and workstation associations: 


Novelle p =| ani Oh, 
E ZENworkse 7 >| A A] z m = 





























Column Name: 


To continue, click Next. 











You can associate the Application object with the users and workstations you want the object 
distributed to at this time, or you can create the associations later. 


8 After you add the associations you want, click Next, review the information, then click Finish 
to create the Application object. 


9 Right-click the newly-created GroupWise client Application object, then click Properties. 


10 Configure any other Application object settings required to provide the performance or 
functionality you want. 


For example, you can configure the Application object so that the GroupWise client is installed 
immediately upon distribution to the user’s workstation, without any intervention by the user. 
Or, you can change the locations where the GroupWise client’s icon is displayed. Or, you can 
specify the location of a transform file for custom MSI installs. For information about 
Application object settings, see the ZENworks Desktop Management documentation at the 
Novell ZENworks Documentation Web site (http://www.novell.com/documentation-index/ 
index.jsp?category=ZENworks). 


After you associate the Application objects with the users you want, Novell Application Launcher™ 
displays the Application object’s icon on the users’ workstations, if the workstation meets the 
operating system requirements. If the Application object’s icon does not appear immediately, have 
the user refresh Novell Application Launcher. 


If a service is preventing the GroupWise Windows client from installing correctly you can add a 
property to the GroupWise application object that stops the service until the installation has finished. 


1 In ConsoleOne, right-click the container where you created the GroupWise client Application 
object, then double-click the GroupWise Application object. 

Click MSI > Properties, then click Add. 

In the Value name field, type STOPSERVICE. 

In the Value Data field, type the name of the service to stop. 

Click OK twice. 


a Ff © N 
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66.2.2 Using GroupWise 7 Tuner 


GroupWise 7 Tuner is an application that allows you to customize your MSI install. The Tuner 
application creates a transform file called groupwise.mst, which you can specify to use when 
performing an MSI install with ZENworks. You must have write access to the software distribution 
directory to use the GroupWise 7 Tuner application. 





NOTE: If you install the GroupWise client using a Tuner file to a protected area, such as the 
C:\Program Files directory, the installation fails if you try to install using a non- 
Administrator user. You must install the Group Wise client to an unprotected are such as, 
C:\Novell\GroupWise if you are using a non-Administrator user. 





1 From the \admin\UTILITY\GWTUNER directory of the GroupWise 7 Support Pack 1 or 
greater download, select the GWIuner. exe file, then click OK to run the Group Wise 7 Tuner 
application. 





2 Specify the location of the client distribution directory on your GroupWise system, then click 
Next. 


GroupWise Install Tuner 


Welcome to the GroupWise Install Tuner. 


This program will help you create a Windows Installer 
Transform, which will allow you to apply modified settings 
to the Groupwise install. 


Please specify the location of the Client directory: 
(AH 03.12 multi\win nim _release\client … 











3 Specify where the GroupWise client should be installed on the client machines. 


GroupWise Install Tuner 


General Settings 


Install path: 
C:\Novell\GroupWise 





Program folder: 
Novell GroupWise 








NW Add Groupwise to the Desktop 
IV Add GroupWise to the Quick Launch 


I Add Notify to the Startup folder 





< Back Cancel 





4 Specify which program folder the GroupWise client should be installed to. 
5 Select if you want to add a GroupWise icon to the client desktop. 


6 Select if you want to add a GroupWise icon to the client Quick Launch. 
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7 Select if you want to add Group Wise to the client Startup folder. 
8 Click Next to continue. 
9 Select the languages to install, then click Next. 


GroupWise Install Tuner 


Languages 
elect the languages you want to install: 





M English 

O Arabic 

Brazilian Portugese 
Chinese Simplified 
Chinese Traditional 
Czech 

Danish 

Dutch 

Finnish 

French 

German 

O Hebrew 

Hunaarian 









































< Back Cancel 





10 Select the default startup language for the client, then click Next. 


GroupWise Install Tuner 


Default Language 
Select the default startup language: 
M English 





CR 








11 Select which software integration you want the client to use. 


GroupWise Install Tuner 


Software Integration 


Select the software you want to integrate with 
GroupWise: 


M] Corel Presentations 
M] Corel Quattro Pro 
M] Corel WordPerfect 
Pau. rt 


Addon Software 


Select the addon software you want to install with 
GroupWise: 












































< Back Cancel 
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12 Select which add-on software to install with the client, then click Finish to create the transform 
file (groupwise.mst) in the client software distribution directory. 


66.2.3 Configuring ZENworks to Use a Transform File 


After you have created the transform file (groupwise.mst), you must configure ZENworks to 
use the transform file when doing MSI installations. 


1 From ConsoleOne, right-click the application file that was created in Section 66.2, “Using 
ZENworks Desktop Management to Distribute the GroupWise Windows Client,” on 
page 1095, then click Properties. 


2 Click the MSI > Transform tab. 

3 Click Add, then browse to the location of the transform file (groupwise.mst). 
4 Click OK to add the transform file to the Transform List. 

5 Click OK again. 


66.3 Using Novell ZENworks Linux Management 
to Distribute the GroupWise Cross-Platform 
Client 


You can install the GroupWise Cross-Platform client and agents using Novell ZENworks Linux 
Management or later. Refer to the Novell ZENworks Linux Management site (http:// 
www.novell.com/products/zenworks/linuxmanagement/) for additional information. 
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Supporting the GroupWise Client 
in Multiple Languages 


The GroupWise® client software is available in a broad range of languages to meet the needs of 
users in many countries. If your GroupWise system services users who speak more than one 
language, the following tasks help you meet your multilingual users’ needs. 


+ Section 67.1, “Providing the GroupWise Client Software in Multiple Languages,” on 
page 1103 
¢ Section 67.2, “Providing Post Office Support for Multiple Languages,” on page 1103 


67.1 Providing the GroupWise Client Software in 
Multiple Languages 


1 Make sure that you have the multilingual version of GroupWise. 

2 Install the client software in the languages you need in one or more software distribution 
directories, following the instructions in Section 4.9, “Software Directory Management,” on 
page 64. 


3 Distribute the client software to users, as described in Chapter 66, “Distributing the Group Wise 
Client,” on page 1081. 


By installing the GroupWise client software in their language of choice, users can begin using 
Group Wise in that language immediately. However, there are a few language-related details of 
Group Wise functionality that are not taken care of by the client software running on users’ 
workstations. For a fuller multilingual implementation, continue with Section 67.2, “Providing Post 
Office Support for Multiple Languages,” on page 1103. 


67.2 Providing Post Office Support for Multiple 
Languages 
A few aspects of GroupWise functionality are affected by the language in use by the POA running 
for the post office to which users belong. The POA returns certain text in the language in which it is 
running, not the language in use on users’ workstations. 
+ The status information (Delivered, Opened, an so on) displayed in the Properties page of items 
¢ The text of return notification mail receipts (if the user has enabled this type of notification) 
¢ The sort order in the Address Book 
In some circumstances, these issues can be resolved by grouping users who speak the same language 


into the same post office and then installing the POA in the same language that the users are using. 
For more information, see Section 11, “Creating a New Post Office,” on page 155. 


At present, the POA is available in fewer languages than the GroupWise client, so this solution helps 
only those client users who are somewhat familiar with the language in use by the POA. For more 
information, see Chapter 7, “Multilingual GroupWise Systems,” on page 105. 
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Tools for Analyzing and 
Correcting GroupWise Client 
Problems 


The following tools can assist you in analyzing and correcting Group Wise” client problems. 


+ Section 68.1, “Group Wise Exception Handler for the Windows Client,” on page 1105 
+ Section 68.2, “Group Wise Check,” on page 1105 


68.1 GroupWise Exception Handler for the 
Windows Client 


In the event that the GroupWise Windows client causes an exception (or “crashes”), Group Wise 
generates a GroupWise Exception Report. This report contains information that is useful in 
analyzing the problem that the client is having so that it can be solved. 


The report is saved in \temp\grpwise.rpt. The \temp directory used is the one specified by 
the TMP environment variable, or if not defined by TMP, the one specified by the TEMP 
environment variable. If neither environment variable is defined, GroupWise uses the current the 
windows directory. 


Each time an exception or crash occurs, a new report is appended to grpwise.rpt. If the file reaches 
100 KB, the oldest reports (at the beginning of the file) are deleted. 


The GroupWise Exception Report contains information such as the date and time the report was 
generated, the exception code, fault address, date of grpwise.exe, computer and username where the 
exception occurred, hardware and operating system information, process modules, raw stack dumps, 
and call stacks. 


68.2 GroupWise Check 


Group Wise Check (GWCheck) is a tool that performs maintenance and repair tasks to keep 
GroupWise operating efficiently. It is essentially a standalone version of the Mailbox/Library 
Maintenance feature available in ConsoleOne®. GroupWise Check checks and repairs Group Wise 
user, message, library, and resource databases without having ConsoleOne and the GroupWise snap- 
in loaded. In addition to checking post office, user, and library databases, it also checks remote and 
archive databases. 


¢ Section 68.2.1, “Enabling GroupWise Check in the Windows Client,” on page 1106 
+ Section 68.2.2, “Using GroupWise Check with the Cross-Platform Client,” on page 1106 
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68.2.1 Enabling GroupWise Check in the Windows Client 


GroupWise Check can be installed with the GroupWise Windows client (unless you have specified 
in setup.cfg that it not be installed), and is available by clicking Tools > Repair Mailbox in the client 
in Caching and Remote modes after you complete the following: 


1 Locate the directory named gwcheck. This is a subdirectory of the directory where the client 
is installed (usually c: \novell\groupwise). 
2 Locate grpwise.exe. It is usually in c:\novell\groupwise. 
3 Copy all the files in gwcheck to the directory where grpwise.exe is located. 
You can now run GroupWise Check in Caching and Remote mode. The GroupWise Check dialog 


box is titled GroupWise Mailbox Maintenance. You can also use Ctrl+Shift when accessing a 
Caching or Remote mailbox to run GroupWise Check before opening the mailbox. 


For detailed information about GroupWise Check, click Help or see Section 34.1, “GroupWise 
Check,” on page 423. 


68.2.2 Using GroupWise Check with the Cross-Platform Client 


GroupWise Check is not accessible from the Cross-Platform client but can be installed on a Linux 
workstation if you need to repair local databases. For installation instructions, see Section 34.1.3, 
“Using GWCheck on Linux,” on page 426. 


GWCheck is installed by default on the Cross-Platform client for Macintosh. You must start 
GWCheck from a terminal window on a Macintosh. For further instructions, see Section 34.1.4, 
“Using GWCheck on Macintosh,” on page 428. 
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Startup Switches for the 


GroupWise Client 


The Group Wise” client has optional startup switches that you can use when you start the program. 
Some ofthese startup switches are for your convenience, while others are necessary to run 
Group Wise on your particular hardware. Some switches are not available in the Cross-Platform 


client. 


Windows Client 
/@u-? 
/@u-user_ID 


/bl 


liabs 

lipa-IP address or hostname 
lipp-port number 

xx 

/la-network_1D 

/nu 

/ph-pathname 
/pc-path_to_caching_mailbox 
/pr-path_to_remote_mailbox 


N/A 


69.1 /@u-? 


Cross-Platform Client 

-@u=? 

-@u=user_/D 

N/A 

N/A 

N/A 

N/A 
-ipa=/P_address_or_hostname 
-ipp=port_number 

-l= xx 

N/A 

-nu 

-ph=pathname 
-pc=path_to_caching_mailbox 
N/A 


-Ui=XXX 


Displays a login dialog box whenever you open the GroupWise client, allowing you to supply any 


necessary login information. 
Syntax: /@u-? 


Example: groupwise.exe /@u-? 


69.2 /@u-user_ID 


Lets you use your GroupWise user ID to use the GroupWise client as yourself on another user’s 
computer. The other user remains logged on to the network. 
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Syntax: /@u-user_ID 


Example: groupwise.exe /@u-ltanaka 


69.3 /bl 


Prevents the GroupWise client logo screen from being displayed when you start the Group Wise 
client. 


Syntax: /b1l 
Example: groupwise.exe /bl 


This startup switch is not available in the Cross-Platform client. 


69.4 /c 


Checks for unopened items. If there are unopened items, the Group Wise client opens as usual. 
Otherwise, the GroupWise client does not start. 


Syntax: /c 
Example: groupwise.exe /c 


This startup switch is not available in the Cross-Platform client. 


69.5 /cm 


Checks for unopened items. If there are unopened items, the GroupWise client opens minimized and 
a beep sounds. Otherwise, the GroupWise client does not start. 


Syntax: /cm 
Example: groupwise.exe /cm 


This startup switch is not available in the Cross-Platform client. 


69.6 /iabs 


Initializes the Address Book when the GroupWise client starts. 
Syntax: /iabs 
Example: groupwise.exe /iabs 


This startup switch is not available in the Cross-Platform client. 


69.7 /ipa-/P_address_or_hostname 


Lets you specify the IP address or the hostname when you are running in client/server mode. 
Syntax: /ipa-IP address 


Example: groupwise.exe /ipa=127.65.45.1 
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69.8 /ipp-port_number 
Lets you specify the IP port number when you are running in client/server mode. 
Syntax: /ipp-port number 


Example: groupwise.exe /ipp-1677 


69.9 /I-xx 


Applies only if you have two or more language versions or language modules. This option instructs 
GroupWise to override the default environment language (under Environment in Options) with the 

language specified by the language code xx. The language codes are listed below. This table lists the 
language codes used by all Novell® products. GroupWise might not yet be available in some of the 
listed languages. For current information, contact your local reseller. 


Table 69-1 Language Codes 


Language Code 
Arabic AR 
Chinese Simplified ZH-CN 
Chinese Traditional ZH-TW 
Czech CS 
Danish DK 
Dutch NL 
English US 
Finnish SU 
French FR 
German DE 
Hebrew HE 
Hungarian MA 
Italian IT 
Japanese JA 
Korean KO 
Norwegian NO 
Polish PL 
Portuguese BR 
Russian RU 
Spanish ES 
Swedish SV 
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Syntax: /1-xx 





n 


Example: groupwise.exe /1-E 


69.10 /la-network ID 


Lets you use your network ID to use the Group Wise client as yourself on another user’s computer. 
The other user remains logged on to the network. 


Syntax: /la-network ID 
Example: groupwise.exe /la-jgrey 


This startup switch is not available in the Cross-Platform client. 


69.11 /nu 


Turns off AutoRefresh. If this option is selected, click View > Refresh whenever you want to update 
the display to see the items currently in your mailbox. 


Syntax: /nu 


Example: groupwise.exe /nu 


69.12 /ph-pathname 


Lets you specify the path to the post office. 
Syntax: /ph-pathname 


Example: groupwise.exe /ph-j:\mail\denverl 


69.13 /pc-path_to_caching_mailbox 


Opens Group Wise in Caching mode. GroupWise must be restarted when you change from Online to 
Caching. 


Syntax: /pc-path_to_caching mailbox 


Example: groupwise.exe /pc-c:\novell\groupwise\cache 


69.14 /pr-path_to_remote_mailbox 


Opens the Group Wise client in Remote mode. This startup switch can be used in the Target text box 
only. 


Syntax: /pr-path to remote mailbox 
Example: groupwise.exe /pr-c:\novell\groupwise\remote 


This startup switch is not available in the Cross-Platform client. 
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69.15 -ui=xxx 


Lets you specify which user interface “Look and Feel” to use. This switch is currently only available 
on Linux. Currently only gtk is supported. This starts the GroupWise Cross-Platform client on Linux 
using the GTK “Look and Feel”. This only works properly if you are using the GNOME* desktop 
manager. 


Syntax: -ui=xxx 
Example: /opt/novell/groupwise/client/bin/groupwise.sh -ui=gtk 


this startup switch is not available in the Windows client or the Macintosh Cross-Platform client. 
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Security Administration 


+ Chapter 70, “GroupWise Passwords,” on page 1115 

+ Chapter 71, “Encryption and Certificates,” on page 1121 

+ Chapter 72, “LDAP Directories,” on page 1131 

+ Chapter 73, “Message Security,” on page 1135 

+ Chapter 74, “Address Book Security,” on page 1137 

+ Chapter 75, “GroupWise Administrator Rights,” on page 1139 
+ Chapter 76, “GroupWise Agent Rights,” on page 1151 

+ Chapter 77, “GroupWise User Rights,” on page 1153 

+ Chapter 78, “Spam Protection,” on page 1159 

¢ Chapter 79, “Virus Protection,” on page 1161 


See also Part XVI, “Security Policies,” on page 1163. 
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GroupWise Passwords 


Access to GroupWise® mailboxes is protected by post office security settings or GroupWise 
passwords. Agent passwords grant access to remote servers and to Novell® eDirectory™, and 
protect access to GroupWise agent status information. 

+ Section 70.1, “Mailbox Passwords,” on page 1115 


+ Section 70.2, “Agent Passwords,” on page 1119 


See also Part XVI, “Security Policies,” on page 1163. 


70.1 Mailbox Passwords 


When you are setting up a new GroupWise system, you need to determine what kind of password 
protection you want to have on users’ GroupWise mailboxes before users start running Group Wise. 
In ConsoleOne®, you can choose where password information is obtained when users log in to 
Group Wise and you can set defaults under Client Options to enforce your choices. You and 

Group Wise client users should keep in mind that GroupWise passwords are case sensitive. 


¢ Section 70.1.1, “Using Post Office Security Instead of GroupWise Passwords,” on page 1115 
+ Section 70.1.2, “Requiring GroupWise Passwords,” on page 1116 

+ Section 70.1.3, “Managing GroupWise Passwords,” on page 1116 

+ Section 70.1.4, “Using LDAP Passwords Instead of GroupWise Passwords,” on page 1118 


+ Section 70.1.5, “Bypassing Mailbox Passwords to Respond to Corporate Mandates,” on 
page 1118 


70.1.1 Using Post Office Security Instead of GroupWise 
Passwords 


When you create a new post office, you must select a security level for it. 


If you select Low Security for the post office, users are not required to set passwords on their 
Group Wise mailboxes. However, passwordless mailboxes are completely unprotected from other 
users who know how to use the @u-user_ID startup switch. 


If you select High Security for the post office, users are still not required to set passwords on their 
GroupWise mailboxes, but they are reguired to be successfully logged in to a network before they 
can access their own passwordless mailboxes. Users cannot access other users’ passwordless 
mailboxes. 


After you select High Security, you can further enhance post office security by reguiring specific 
types of authentication before users can access their passwordless Group Wise mailboxes. You can 
reguire eDirectory authentication so that users must be logged into eDirectory before they can 
access their passwordless Group Wise mailboxes. 


In spite of these passwordless solutions to GroupWise mailbox security, users are always free to set 
their own Group Wise passwords on their mailboxes. When they do, the post office security settings 
no longer apply (except for LDAP authentication as discussed below) and users are regularly faced 
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with both logins unless some additional password options are selected for them, as described in the 
following sections. 


70.1.2 Requiring GroupWise Passwords 


Users are required to set passwords on their Group Wise mailboxes if they want to access their 
Group Wise mailboxes in any of the following ways: 

+ Using Caching mode or Remote mode in the GroupWise Windows client 

+ Using Caching mode in the GroupWise Cross-Platform client 

+ Using their Web browsers and the GroupWise WebAccess client 

+ Using an IMAP e-mail client 


+ Accessing a GroupWise mailbox as an external entity rather than as an eDirectory user 


70.1.3 Managing GroupWise Passwords 


When Group Wise passwords are in use in addition to network passwords, there are a variety of 
things you can do to make GroupWise password management easier for your and to make the 
additional Group Wise password essentially transparent for your GroupWise users. 

+ “Establishing a Default GroupWise Password for New Accounts” on page 1116 

+ “Accepting eDirectory Authentication Instead of GroupWise Passwords” on page 1116 

+ “Using Novell SecureLogin to Handle GroupWise Passwords” on page 1117 

+ “Allowing Windows to Cache GroupWise Passwords” on page 1117 

+ “Using Intruder Detection” on page 1117 

+ “Resetting GroupWise Passwords” on page 1117 

+ “Synchronizing GroupWise Passwords and LDAP Passwords” on page 1118 





NOTE: A GroupWise password can contain as many as 64 characters and can contain any typeable 
characters. 





Establishing a Default GroupWise Password for New Accounts 


If you want to require users to have Group Wise passwords on their mailboxes, you can establish the 
initial passwords when you create the GroupWise accounts. In ConsoleOne, you can establish a 
default mailbox password to use automatically on all new GroupWise accounts, as described in 
Section 13.1, “Establishing a Default Password for All New GroupWise Accounts,” on page 203. Or 
you can set the password on each new GroupWise account as you create it. 


Keep in mind that some situations require users to have passwords on their GroupWise mailboxes, 
as listed in Section 70.1.2, “Requiring GroupWise Passwords,” on page 1116. 


Accepting eDirectory Authentication Instead of GroupWise Passwords 


When you create users in eDirectory, you typically assign them network passwords and users must 
provide those passwords when they log in to the network. If you want to make GroupWise mailbox 
access easy for client users, you can select Allow eDirectory Authentication Instead of Password 

(ConsoleOne > Tools > GroupWise Utilities > Client Options > Password). This allows GroupWise 
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users to select No Password Required with eDirectory (Windows client > Tools > Security > 
Password). 





NOTE: This option is not available in the Cross-Platform client or the WebAccess client. 





As long as users who select this option are logged into eDirectory as part of their network login, they 
are not prompted by GroupWise for a password when they access their GroupWise mailboxes. If 
they are not logged in to eDirectory, they must provide their Group Wise passwords in order to 
access their GroupWise mailboxes. 


Using Novell SecureLogin to Handle GroupWise Passwords 


If users have Novell SecureLogin installed on their workstations, you can select Enable Single Sign- 
On (ConsoleOne > Tools > GroupWise Utilities > Client Options > Security > Password). This 
allows GroupWise users to select Use Single Sign-On (Windows client > Tools > Security > 
Password). Users need to provide their Group Wise mailbox password only once and thereafter 
SecureLogin provides it for them as long as they are logged in to eDirectory. 





NOTE: This option is not available in the Cross-Platform client or the WebAccess client. 





Allowing Windows to Cache GroupWise Passwords 


If you want to allow password information to be stored on Windows workstations, you can select 
Allow Password Caching (ConsoleOne > Tools > GroupWise Utilities > Client Options > Security 
> Password). This allows GroupWise users to select Remember My Password (Windows client > 
Tools > Security > Password). Users need to provide their Group Wise mailbox passwords only once 
and thereafter Windows provides them automatically. 


NOTE: This option is not available in the Cross-Platform client or the WebAccess client. 





Using Intruder Detection 


Intruder detection identifies system break-in attempts in the form of repeated unsuccessful logins. If 
someone cannot provide a valid username and password combination within a reasonable time, then 
that person probably does not belong in your GroupWise system. 


Intruder detection for the GroupWise Windows client and Cross-Platform client is performed by the 
POA and is configurable. You can set the number of failed login attempts before lockout, the length 
of the lockout, and so on. Ifa user is locked out, you can re-enable his or her account in ConsoleOne. 
See Section 36.3.5, “Enabling Intruder Detection,” on page 506. 


Intruder detection for the GroupWise WebAccess client is built in and is not configurable. After five 
failed login attempts, the user is locked out for 10 minutes. Ifa user is locked out, the user must wait 
for the lockout period to end (unless you want to restart the WebAccess Agent). 


Resetting GroupWise Passwords 


In ConsoleOne, you can remove a user’s password from his or her mailbox if the password has been 
forgotten and needs to be reset (User object > Tools > GroupWise Utilities > Client Options > 
Security > Password). If necessary, you can remove the passwords from all mailboxes in a post 
office (Post Office object > Tools > Mailbox/Library Maintenance > Reset Client Options) This 
resets all or users’ client options settings, not just the passwords. 
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It is easy for GroupWise users to reset their own passwords (Windows or Cross-Platform client > 
Tools > Options > Security > Password). However, if this method is used when users are in Caching 
or Remote mode, this changes the password on the local Caching or Remote mailboxes, but does not 
change the password on the Online mailboxes. To change the Online mailbox password while in 
Caching or Remote mode, users must use a method they might not be familiar with (Windows client 
> Accounts > Account Options > Novell GroupWise Account > Properties > Advanced > Online 
Mailbox Password). 


It is also easy for WebAccess users to reset their own passwords (WebAccess client > Options > 
Password). However, you might not want users to be able to reset their GroupWise passwords from 
Web browsers. In ConsoleOne, you can prevent WebAccess client users from resetting their 

Group Wise passwords (ConsoleOne > GroupWiseWebAccess object > Application > Settings). 
Windows and Cross-Platform client users cannot be prevented from changing their GroupWise 
passwords. 


Synchronizing GroupWise Passwords and LDAP Passwords 


There is no automatic procedure for synchronizing GroupWise passwords and eDirectory 
passwords. However, if you use LDAP authentication, synchronization becomes a moot point 
because Group Wise users are authenticated through an LDAP directory (such as eDirectory) rather 
than by using GroupWise passwords. See Section 70.1.4, “Using LDAP Passwords Instead of 
GroupWise Passwords,” on page 1118. 


70.1.4 Using LDAP Passwords Instead of GroupWise 
Passwords 


Instead of using GroupWise passwords, users’ password information can be validated using an 
LDAP directory. In order for users to use their LDAP passwords to access their GroupWise 
mailboxes, you must define one or more LDAP servers in your GroupWise system and configure the 
POA for each post office to perform LDAP authentication, as described in Section 36.3.4, 
“Providing LDAP Authentication for GroupWise Users,” on page 501. 


When LDAP authentication is enabled, you can control whether users can use the GroupWise client 
to change their LDAP passwords (ConsoleOne> Post Office object > GroupWise > Security). If you 
allow them to, Group Wise users can change their passwords through the Security Options dialog 
box (Windows and Cross-Platform client > Tools > Options > Security) or on the Passwords page 
(GroupWise WebAccess client > Options > Password). If you do not allow them to change their 
LDAP passwords in the GroupWise client, users must use a different application in order to change 
their LDAP passwords. 


You and users can use some of the same methods to bypass LDAP passwords as you can use for 
bypassing Group Wise passwords. See “Accepting eDirectory Authentication Instead of Group Wise 
Passwords” on page 1116 and “Allowing Windows to Cache GroupWise Passwords” on page 1117. 


For more information about LDAP passwords, see Section 72.3, “Authenticating to GroupWise with 
Passwords Stored in an LDAP Directory,” on page 1131. 


70.1.5 Bypassing Mailbox Passwords to Respond to Corporate 
Mandates 


Sometimes it is necessary to access user mailboxes to meet corporate mandates such as virus 
scanning, content filtering, or e-mail auditing that might be required during litigation. These types of 
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mailbox access are obtain using trusted applications, third-party programs that can log into Post 
Office Agents (POAs) in order to access Group Wise mailboxes. For more information about using 
trusted application to bypass mailbox passwords, see Section 4.12, “Trusted Applications,” on 
page 69 


70.2 Agent Passwords 


Agent passwords facilitate access to remote servers where domains, post office, and document 
storage areas are located and access to eDirectory for synchronization of user information between 
Group Wise and eDirectory. They also protect GroupWise Monitor and the agent Web consoles from 
unauthorized access. 


+ Section 70.2.1, “Facilitating Access to Remote Servers,” on page 1119 

+ Section 70.2.2, “Facilitating Access to eDirectory,” on page 1120 

+ Section 70.2.3, “Protecting the Agent Web Consoles,” on page 1120 

¢ Section 70.2.4, “Protecting the GroupWise Monitor Web Console,” on page 1120 


70.2.1 Facilitating Access to Remote Servers 


If the NetWare® POA runs on a server other than where the post office database and directory 
structure are located, it needs to log in to that remote server using an existing username and 
password. There are several ways to provide this information: 


¢ Fill in the Remote User Name and Remote Password fields on the Post Office Settings page of 
the Post Office object in ConsoleOne 


+ Add the /dn startup switch to the POA startup file to provide the fully distinguished name of the 
NetWare POA object 


+ Add the /user and /password startup switches to the POA startup file to provide a username and 
password 


The Windows POA also needs username and password information if it needs to access a document 
storage area on a server other than the one where the post office database and directory structure are 
located. The three methods listed above can be used for this situation as well. The Windows POA 
does not need username and password information in order to access the post office directory 
because it should already have a drive mapped to that location. 


If the NetWare MTA, Internet Agent, or WebAccess Agent runs on a server other than where the 
domain database and directory structure are located, it needs to log in to that remote server using an 
existing username and password. All three of these agents support the /user and /password switches 
for this purpose. The MTA also supports the /dn switch parallel to the POA. You cannot currently 
use ConsoleOne to specify username and password information for these agents. 


Providing passwords in clear text in a startup file might seem like a security risk. However, the 
servers where the agents run should be kept physically secure. If an unauthorized person did gain 
physical access, they would not be doing so for the purpose of obtaining these particular passwords. 
And the passwords are encrypted as they pass over the wire between servers, so the security risk is 
minimal. 
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70.2.2 Facilitating Access to eDirectory 


If you have enabled eDirectory user synchronization, the MTA must be able to log in to eDirectory 
in order to obtain the updated user information. An eDirectory-enabled MTA should be installed on 
a server where a local eDirectory replica is located. 


If the eDirectory-enabled NetWare MTA is running on a different server from where the domain is 
located, you must add the /user and /password switches, or the /dn switch, to the MTA startup file so 
that the MTA can authenticate to eDirectory. The /dn switch is preferable, so that username and 
password information is not exposed in the MTA startup file. If the NetWare MTA is running on the 
same server where the domain is located, the MTA can look up the distinguished name in the 
domain database. 


For the eDirectory-enabled Windows MTA, you must add the /user and /password switches to the 
MTA startup file in order to specify the network user account that the MTA should use to 
authenticate to eDirectory. 


For more information, see Section 41.4.1, “Using eDirectory User Synchronization,” on page 638. 


70.2.3 Protecting the Agent Web Consoles 


When you install the POA and the MTA, they are automatically configured with an agent Web 
console and no password protection is provided. When you install the Internet Agent and the 
WebAccess Agent, you can choose whether to enable the agent Web console during installation. If 
you do, you can provide password protection at that time. 


If you do not want agent Web console status information available to anyone who knows the agent 
network address and port number, you should set passwords on your agent Web console, as 
described in the following sections: 


+ Section 37.2, “Using the POA Web Console,” on page 530 

+ Section 42.2, “Using the MTA Web Console,” on page 657 

+ Section 49.2, “Using the Internet Agent Web Console,” on page 787 

+ Section 56.1.2, “Using the WebAccess Agent Web Console,” on page 929 
If you plan to access the agent Web consoles from Group Wise Monitor, it is most convenient if you 
use the same password on all agent Web consoles. That way, you can provide the agent Web console 
password once in Group Wise Monitor, rather than having to provide various passwords as you view 
the Web consoles for various agents. For information about providing the agent Web console 


password in Group Wise Monitor, see Section 59.4, “Configuring Polling of Monitored Agents,” on 
page 978. 


70.2.4 Protecting the GroupWise Monitor Web Console 


Along with the agent Web consoles, you can also provide password protection for the Monitor Web 
console itself, from which all the agent Web consoles can be accessed. For instructions, see 

Section 59.8, “Configuring Authentication and Intruder Lockout for the Monitor Web Console,” on 
page 985. 
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Encryption and Certificates 


Although GroupWise” native encryption is employed throughout your GroupWise system, 
additional security measures should be utilized to secure your Group Wise data. 


+ Section 71.1, “Personal Digital Certificates, Digital Signatures, and S/MIME Encryption,” on 
page 1121 

+ Section 71.2, “Server Certificates and SSL Encryption,” on page 1123 

+ Section 71.3, “Trusted Root Certificates and LDAP Authentication,” on page 1129 


See also Part XVI, “Security Policies,” on page 1163. 


71.1 Personal Digital Certificates, Digital 
Signatures, 
and S/MIME Encryption 


If desired, you can implement S/MIME encryption for GroupWise client users by installing various 
security providers on users’ workstations, including: 


+ Entrust* 4.0 or later (http://www.entrust.com) 


+ Microsoft Base Cryptographic Provider 1.0 or later (included with Internet Explorer 4.0 or 
later) 


+ Microsoft Enhanced Cryptographic Provider 1.0 or later (http://www.microsoft.com/windows/ 
ie/downloads/recommended/128bit/default.asp) 


+ Microsoft Strong Cryptographic Provider (http://www.siliconprairiesc.com/spsckb/EncryptAll/ 
strong cryptographic provider.htm) 


+ Gemplus GemSAFE Card CSP 1.0 or later (http://www.gemplus.com) 
+ Schlumberger Cryptographic Provider (http://www.slb.com) 


For additional providers, consult the Novell Partner Product Guide (http://www.novell.com/ 
partnerguide). 


These products enable users to digitally sign and/or encrypt their messages using S/MIME 
encryption. When a sender digitally signs a message, the recipient is able to verify that the item was 
not modified en route and that it originated from the sender specified. When a sender encrypts a 
message, the sender ensures that the intended recipient is the only one who can read it. Digitally 
signed and/or encrypted messages are protected as they travel across the Internet, whereas native 
Group Wise encryption is removed as messages leave your GroupWise system. 


After users have installed the S/MIME security providers on their workstations, you can configure 
default functionality for it in ConsoleOne® (Domain, Post Office, or User object > Tools > 

Group Wise Utilities > Client Options > Send > Security). You can specify a URL from which you 
want users to obtain their S/MIME certificates. You can require the use of digital signatures and/or 
encryption, rather than letting users decide when to use them. You can even select the encryption 
algorithm and encryption key size if necessary. For more information, see Section 65.2.2, 
“Modifying Send Options,” on page 1062. 
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After you have configured S/MIME functionality in ConsoleOne, Group Wise users must select the 
security provider (Windows client > Jools > Options > Security > Send Options) and then obtain a 
personal digital certificate. Unless you installed Entrust, users can request certificates (Windows 
client > Jools > Options > Certificates > Get Certificate). If you provided a URL, users are taken to 
the Certificate Authority of your choice. Otherwise, certificates for use with GroupWise can be 
obtained from various certificate providers, including: 


+ Novell, Inc. (if you have installed Novell® Certificate Server™ 2 or later (http:// 
www.novell.com/products/certserver)) 

+ VeriSign’, Inc. (http://www.verisign.com) 

+ Thawte* Certification (http://www.thawte.com) 

+ GlobalSign* (http://www.globalsign.com) 





NOTE: Some certificate provides charge a fee for certificates and some do not. 





After users have selected the appropriate security provider and obtained a personal digital 
certificate, they can protect their messages with S/MIME encryption by digitally signing them 
(Windows client > Actions > Sign Digitally) and/or encrypting them (Windows client > Actions > 
Encrypt). Buttons are added to the Group Wise toolbar for convenient use on individual messages, or 
users can configure GroupWise to always use digital signatures and/or encryption (Windows client 
> Tools > Options > Security > Send Options). The messages they send with digital signatures and/ 
or encryption can be read by recipients using any other S/MIME-enabled e-mail products. 


GroupWise Windows client users are responsible for managing their personal digital certificates. 
Users can have multiple personal digital certificates. In the GroupWise client, users can view their 
own certificates, view the certificates they have received from their contacts, access recipient 
certificates from LDAP directories (see Section 72.4, “Accessing S/MIME Certificates in an LDAP 
Directory,” on page 1132 for details), change the trust level on certificates, import and export 
certificates, and so on. 


The certificates are stored in the local certificate store on the user’s workstation. They are not stored 
in GroupWise. Therefore, if a user moves to a different workstation, he or she must import the 
personal digital certificate into the certificate store on the new workstation, even though the same 
Group Wise account is being accessed. 


If your system includes smart card readers on users’ workstations, certificates can be retrieved from 
this source as well, so that after composing a message, users can sign them by inserting their smart 
cards into their card readers. The Group Wise client picks up the digital signature and adds it to the 
message. 


The GroupWise Windows client verifies the user certificate to ensure that it has not been revoked. It 
also verifies the Certificate Authority. If a certificate has expired, the GroupWise user receives a 
warning message. 


For complete details about using S/MIME encryption in the GroupWise Windows client, see 
“Sending S/MIME Secure Message” in the GroupWise 7 Windows Client User Guide. 





NOTE: S/MIME encryption is not available in the Cross-Platform client or the WebAccess client. 





Any messages that are not digitally signed or encrypted are still protected by native GroupWise 
encryption as long as they are within your GroupWise system. 
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71.2 Server Certificates and SSL Encryption 


You should strengthen native GroupWise encryption with Secure Sockets Layer (SSL) 
communication between servers where GroupWise agents are installed. If you have not already set 
up SSL on your system, you must complete the following tasks: 


+ Section 71.2.1, “Generating a Certificate Signing Request,” on page 1123 
+ Section 71.2.2, “Using a GWCSRGEN Configuration File,” on page 1124 


¢ Section 71.2.3, “Submitting the Certificate Signing Request to a Certificate Authority,” on 
page 1125 


+ Section 71.2.4, “Creating Your Own Certificate,” on page 1125 
+ Section 71.2.5, “Installing the Certificate on the Server,” on page 1128 
¢ Section 71.2.6, “Configuring the Agents to Use SSL,” on page 1128 


If you have already set up SSL on your system and are using it with other applications besides 
Group Wise, skip to Section 71.2.6, “Configuring the Agents to Use SSL,” on page 1128. 


71.2.1 Generating a Certificate Signing Request 


Before the Group Wise agents can use SSL, you must create a Certificate Signing Request (CSR) and 
obtain a public certificate file. The CSR includes the hostname of the server where the agents run. 
Therefore, you must create a CSR for every server where you want the GroupWise agents to use 
SSL. However, all GroupWise agents running on the same server can all use the same resulting 
certificate, so you do not need separate CSRs for different agents. The CSR also includes your 
choice of name and password for the private key file that must be used with each certificate. This 
information is needed when configuring the agents to use SSL. 


One way to create a CSR is to use the GWCSRGEN utility. This utility takes the information you 
provide and creates a . csr file from which a public certificate file can be generated. 


1 Start the GroupWise Generate CSR utility. 


Linux: The utility (gwcsrgen) is installed to the /opt /novell/groupwise/agents/bin 
directory. You must be logged in as root to start the utility. The directory where you 
want to create the certificate file and key file must already exist. 


Windows: The utility (gwcsrgen.exe) is located inthe \admin\utility\gwcesrgen 
directory either on the GroupWise 7 Administrator for NetWare/Windows CD or in the 
GroupWise software distribution directory. 


% Certificate Signing Request 


Private Key Certificate Signing Request 
CSR filename 





Key filename 
Key password 


Verily password 


Required Information 


Country Organization 


State/Province Division 








City Hostname of Server 
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2 Fill in the fields in the Private Key box. The private key information is used to create both the 
Private Key file and the Certificate Signing Request file. 


Key Filename: Specify a name for the Private Key file (for example, server! .key). If you don’t 
want the file stored in the same directory as the GWCSRGEN utility, specify a full path with 
the filename (for example, c:*server1.key or /opt/novell/groupwise/certs/ 
serverl.key). 


Key Password: Specify the password for the private key. The password can be up to 256 
characters (single-byte environments). 


Verify Password: Specify the password again. 
3 Fill in the fields in the Certificate Signing Request box. 


CSR Filename: Specify a name for the Certificate Signing Request file (for example, 
serverl.csr). If you don’t want the file stored in the same directory as the GWCSRGEN 
utility, specify a full path with the filename (for example, c: \serverl.csr or /opt/ 
novell/groupwise/certs/serverl.csr). 





4 Fill in the fields in the Required Information box. This information is used to create the 
Certificate Signing Request file. You must fill in all fields to generate a valid CSR file. 


Country: Specify the two-letter abbreviation for your country (for example, US). 


State/Province: Specify the name of your state or province (for example, Utah). Use the full 
name. Do not abbreviate it. 


City: Specify the name of your city (for example, Provo). 
Organization: Specify the name of your organization (for example, Novell, Inc.). 


Division: Specify your organization’s division that this certificate is being issued to (for 
example, Novell Product Development). 


Hostname of Server: Specify the DNS hostname of the server where the server certificate will 
be used (for example, dev.provo.novell.com). 
5 Click Create to generate the CSR file and Private Key file. 


The CSR and Private Key files are created with the names and in the locations you specified in 
the Key Filename and CSR Filename fields. 


71.2.2 Using a GWCSRGEN Configuration File 


For convenience if you need to generate multiple certificates, you can record the information for the 
above fields in a configuration file so that the information is automatically provided whenever you 
run the Generate CSR utility. The configuration file must have the following format: 

[Private Key] 





Location = 
Extension = key 
[CSR] 

Location = 
Extension = csr 


[Required Information] 
Country = 

State = 

City = 

Organization = 
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Division = 
Hostname = 


If you do not want to provide a default for a certain field, insert a comment character (#) in front of 
that line. Name the file gwcsrgen.cnf. Save the file in the same directory where the utility is 
installed: 


Linux: /opt/novell/groupwise/agents/bin 


Windows: \grpwise\software\admin\utilit/\gwcsrgen 


71.2.3 Submitting the Certificate Signing Request to a 
Certificate Authority 


To obtain a server certificate, you can submit the Certificate Signing Request 

(server name.csr file) to a Certificate Authority. If you have not previously used a Certificate 
Authority, you can use the keywords “Certificate Authority” to search the Web for Certificate 
Authority companies. The Certificate Authority must be able to provide the certificate in Base64/ 
PEM or PFX format. 


The process of submitting the CSR varies from company to company. Most provide online 
submission of the request. Please follow their instructions for submitting the request. 


71.2.4 Creating Your Own Certificate 


+ “Using ConsoleOne on Windows or Linux” on page 1125 


+ “Using YaST on Linux” on page 1127 


Using ConsoleOne on Windows or Linux 


The Novell Certificate Server, which runs on a NetWare® server with Novell eDirectory™, enables 
you to establish your own Certificate Authority and issue server certificates for yourself. For 
complete information, see the Novell Certificate Server Web site (http://www.novell.com/products/ 
certserver). 


To quickly create your own public certificate in ConsoleOne: 
1 Click Help > About Snap-ins to see if the Certificate Server snap-in to ConsoleOne is installed. 


If it is not installed, you can obtain it from Novell Product Downloads (http:// 
download.novell.com). If you are using eDirectory on Linux, the Certificate Server snap-in is 
installed by default. 





NOTE: You can create a server certificate in Novell iManager, as well as in ConsoleOne, using 
steps similar to those provided below. 


2 Browse to and select the container where your Server object is located. 


3 Click Tools > Issue Certificate. 
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Issue Certificate 


Paste a certificate signing request (CSR) in the window below or specify a 
Novell. name ofa file containing a CSR. 





RQ 
4 














4 Browse to and select the CSR file created by GWCSRGEN in Section 71.2.1, “Generating a 
Certificate Signing Request,” on page 1123, then click Next. 


By default, your own organizational certificate authority signs the request. 
5 Click Next. 


Issue Certificate 


D Selecthowthe Key is to be used. 
N ove l l . Type Key usage 
© Unspecified Fr 
© Encryption jä 
C Signature ja 
C SSL or TLS 
C Custom 


C 











In the Type box, select Custom. 
In the Key Usage box, select all three usage options. 
Click Next. 


In the Validity Period field, select the length of time you want the certificate to be valid. 


© © NOg 


You might want to change the setting to a longer period of time to best meet the needs of your 
organization. 


10 Click Next, view the summary information, then click Finish. 


1126 GroupWise 7 Administration Guide 


Save Certificate 


Acertificate has heen created. Specify how to save the certificate. 
Save to 
© System clipboard in Base64 format 
© File in binary DER format 
€ File in Base64 format 





Filename: |c:ussuedcertiicete der Bal 


Details i Cancel Help 





1 Select File in Base64 Format. 
12 Specify the path and filename for the certificate. 


Limit the filename to 8 characters. You can retain the .b64 extension or use the more general 
. crt extension. 


13 Click Save. 


Using YaST on Linux 


1 On the Linux server desktop, click Computer > YaST, then enter the root password. 
2 Click Security and Users > CA Management. 
3 Ifyou did not create the YaST Default CA during the installation of Linux on the server: 


3a Click /mport CA, specify the name and location of an existing CA, click OK, then skip to 
Step 4. 


or 
Click Create Root CA, then continue with Step 3b. 
3b Fill in the following fields: 
CA Name: Specify the name of the CA certificate. 
Common Name: Specify the name of the Certificate Authority. 
Organization: Specify the name of your organization (for example, Novell, Inc.). 


Organizational Unit: Specify your organization’s division that this certificate is being 
issued to (for example, Novell Product Development). 


Locality: Specify the name of your city or other regional division (for example, Provo). 


State: Specify the name of your state (for example, Utah). Use the full name. Do not 
abbreviate it. 


Country: Select the name of your country (for example, USA). 
3c Click Next. 
3d Specify and verify the certificate password, then click Next. 
3e Click Create to create the root Certificate Authority on the server. 
4 After you have a Certificate Authority on the Linux server: 


4a Select YaST Default_CA or the CA you just created, click Enter CA, specify the CA 
password, then click OK. 


4b On the Certificates tab, click Export > Export to File. 
4c Select Certificate and the Key Encrypted in PEM Format. 
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4d Specify the certificate password and, if desired, specify and verify a new password for the 
new certificate file. 


4e Browse to and select the directory where you want to create the certificate file, then 
specify the filename for the certificate, adding a . pem extension. 


4f Click OK to create the certificate file, then click OK again to confirm. 
4g Exit from YaST. 


5 In a terminal window, log in as root, then separate the . pem file created by YaST into a 
.crt file anda . key file, as required by Group Wise: 


Sa Use a text editor such as gedit to open the . pem file. 








5b Select and copy the BEGIN CERTIFICATE line through the END CERTIFICATE line 
into a new file, name it the same as the server name, and add a . crt extension to the 
filename when you save it. 



































5c Select and copy the BEGIN RSA PRIVATE KEY line through the END RSA PRIVATE 
KEY line into a new file, name it the same as the server name, and adda . key extension 
to the filename when you save it. 


5d Exit the text editor. 


























71.2.5 Installing the Certificate on the Server 


After processing your CSRs, the Certificate Authority sends you a public certificate 

(server name.b64) file for each CSR. You might need to extract the private key from the public 
certificate. The private key file might have an extension such as . pem or . pfx. The extension is 
unimportant as long as the file format is correct. 


If you used the Issue Certificate feature in ConsoleOne, as described in Section , “Using 
ConsoleOne on Windows or Linux,” on page 1125, it generated the public certificate file 
(server name.b64) and private key file (server name. key). 





If you used the CA Management feature in YaST, as described in Section , “Using YaST on Linux,” 
on page 1127, you created the public certificate file (server name.crt) and private key file 
(server name.key). 





Copy the files to any convenient location on each server. The location must be accessible to the 
Group Wise agents that run on the server. 


71.2.6 Configuring the Agents to Use SSL 


To configure the agents to use SSL you must first enable them for SSL and then provide certificate 
and key file information. For detailed instructions, see the following sections: 

+ “Securing the Post Office with SSL Connections to the POA” on page 498 

+ “Securing the Domain with SSL Connections to the MTA” on page 629 

¢ Securing Internet Agent Connections with SSL 


+ Securing WebAccess Agent Connections with SSL 
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71.3 Trusted Root Certificates and LDAP 
Authentication 


LDAP authentication, as described in Section 36.3.4, “Providing LDAP Authentication for 

Group Wise Users,” on page 501, relies on the presence of a trusted root certificate (often named 
rootcert.der) located on your LDAP server. A trusted root certificate is automatically created 
for a server when you install eDirectory on that server. However, circumstances might arise where 
you need to create one manually. You can do this in ConsoleOne. 


1 Make sure that Novell International Cryptography Infrastructure (NICI) is installed on the 
workstation where you run ConsoleOne. 


If necessary, you can download NICI from the Novell Product Downloads site (http:// 
download.novell.com). 
2 In ConsoleOne, click Help > About Snapins and verify that the following snap-ins are installed: 
+ Novell LDAP 
+ Novell Certificate Server 
+ Novell Modular Authentication Services (NMAS) 


You can download these snap-ins from the Novell Product Downloads site (http:// 
download.novell.com). After these snap-ins are installed, you can generate a trusted root 
certificate for the LDAP server. 


3 In ConsoleOne, check current SSL/TLS configuration of the LDAP server: 


3a Browse to and right-click the LDAP Server object in your eDirectory tree (typically 
named LDAP Server - server name), then click Properties. 


3b Click SSL/TLS Configuration. 


Properties of LDAP Server - JBD-NW 
Screen Options | Filtered Replica | Persistent Search | Event Monitorir («[»] 





TLS (SSL) Port: 636 I Disable SSL Port 





Server Certificate: ‘SSL CertificateDNS 





Client Certificate: Not Requested 








Trusted Root Containers: 


[I Require TLS for All Operations 


r 


Page Options... | Cancel | 








3c Note the name of the server certificate (typically SSL CertificateDNS). 
3d Make sure that Disable SSL Port is not selected. 
4 Export a trusted root certificate: 
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4a Browse to and right-click the SSL Certificate object identified in Step 3c, then click 
Properties. 


4b Click Certificates. 


Properties of SSL CertificateDNS - JBD-NW 


General | Certificates + | NDS Rights + | Other | Rights to Files and Folders | 
| Trusted Root Certificate 


Subject name: JOU=Orqanizetional CA.O=CORP TREE 


Issuer name: QU-Oraanizational CA.O=CORP TREE 








Effective date: January 24, 2007 10:51:52 PM GMT-07:00 
Expiration date: Lanuarv 24, 2017 10:51:52 PM GMT-07:00 


Certificate status: (Click Validate... 





Replace | Details | Export | Validate | 





Page Options... 








5 Click Validate, then click OK. 
6 Click Export. 


7 When asked if you want to export the private key with the certificate, select No, then click 
Next. 


8 Inthe Output Format box, select File in Binary DER Format. 
9 Inthe Filename field, specify the full path and filename for the trusted root certificate. 





IMPORTANT: For use with GroupWise, the name of the trusted root certificate file can 
consist of 8 characters plus the . der extension. It cannot be a long filename. The most 
convenient location for the trusted root certificate for use with GroupWise is in the directory 
where the POA software is installed. 





10 Click Next, then click Finish. 


You are now ready to configure the POA for LDAP authentication, as described in Section 36.3.4, 
“Providing LDAP Authentication for GroupWise Users,” on page 501. 
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LDAP Directories 


LDAP (Lightweight Directory Access Protocol) is a standard Internet protocol for accessing 
commonly used network directories. If you are new to Group Wise” or LDAP, you might find it 
useful to review TID 2955731: GroupWise and LDAP in the Novell Support Knowledgebase. (http:/ 
/www.novell.com/support) This TID provides an overview of LDAP and explains the two address- 
book-related ways that Group Wise makes use of LDAP. This section briefly summarizes the address 
book usages of LDAP and explains how LDAP can also be used to store security information such 
as passwords and certificates for use with Group Wise. 

+ Section 72.1, “Accessing Public LDAP Directories from GroupWise,” on page 1131 

+ Section 72.2, “Offering the GroupWise Address Book as an LDAP Directory,” on page 1131 


¢ Section 72.3, “Authenticating to Group Wise with Passwords Stored in an LDAP Directory,” on 
page 1131 


+ Section 72.4, “Accessing S/MIME Certificates in an LDAP Directory,” on page 1132 


See also Part XVI, “Security Policies,” on page 1163. 


72.1 Accessing Public LDAP Directories from 
GroupWise 

The GroupWise client uses LDAP to provide access to directory services such as Bigfoot* and 
Switchboard*. This enables Group Wise users to select e-mail addresses from these popular 


directory services and add them to their personal GroupWise address books. See “Using LDAP in 
the Address Book” in “Using the Address Book” in the GroupWise 7 Windows Client User Guide. 


72.2 Offering the GroupWise Address Book as 
an LDAP Directory 


The Group Wise Internet Agent uses LDAP to make the GroupWise address book available to any 
LDAP-enabled client. This enables users of other e-mail clients to define GroupWise address books 
as LDAP directories from which they can select e-mail addresses. See Section 46.2, “Configuring 
LDAP Services,” on page 737. See also Chapter 74, “Address Book Security,” on page 1137. 


72.3 Authenticating to GroupWise with 
Passwords Stored in an LDAP Directory 


Enabling LDAP authentication for the POA is independent of these LDAP address book features. 
You need to enable LDAP authentication when you want the POA to authenticate the user’s 
password in an LDAP directory rather than looking for a password in the user’s GroupWise account 
information. The POA can make use of the following LDAP capabilities: 

+ Section 72.3.1, “Access Method,” on page 1132 


+ Section 72.3.2, “LDAP Username,” on page 1132 
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When you understand these LDAP capabilities, you are ready to set up LDAP authentication for 
your GroupWise users. See Section 36.3.4, “Providing LDAP Authentication for Group Wise 
Users,” on page 501. 


72.3.1 Access Method 


On a server-by-server basis (ConsoleOne > GroupWise System Operations > LDAP Servers), you 
can specify whether you want each LDAP server to respond to authentication requests using a bind 
or a compare. 


¢ Bind: With a bind, the POA essentially logs in to the LDAP server. When responding to a bind 
request, most LDAP servers enforce password policies such as grace logins and intruder 
lockout, if such policies have been implemented by the LDAP directory. 


* Compare: With a compare, the POA provides the user password to the LDAP server. When 
responding to a compare request, the LDAP server compares the password provided by the 
POA with the user’s password in the LDAP directory, and returns the results of the comparison. 
Using a compare connection can provide faster access because there is typically less overhead 
involved because password policies are not being enforced. 


Regardless of whether the POA is submitting bind requests or compare requests to authenticate 
Group Wise users, the POA can stay connected to the LDAP server as long as authentication requests 
continue to occur before the connection times out. This provides quick response as users are 
accessing their mailboxes. 


72.3.2 LDAP Username 


On a post office-by-post office basis (ConsoleOne > Post Office object > GroupWise > Security), 
you can decide what username you want the POA to use when accessing the LDAP server. 


+ LDAP Username Login: If you want the POA to access the LDAP server with specific rights 
to the LDAP directory, you can provide a username for the POA to use when logging in. The 
rights of the user determine what information in the LDAP directory will be available during 
the authentication process. 


¢ Public or Anonymous Login: If you do not provide a specific LDAP username as part of the 
post office LDAP configuration information, then the POA accesses the LDAP directory with a 
public or anonymous connection. Only public information is available when using such a login. 


72.4 Accessing S/MIME Certificates in an LDAP 
Directory 


Just as the POA can access user password information in an LDAP directory, the GroupWise 
Windows client can access recipients’ digital certificates in an LDAP directory. See “Searching for 
Recipient Encryption Certificates Using LDAP” in “Sending S/MIME Secure Message” in the 
GroupWise 7 Windows Client User Guide. 


When a certificate is stored on an LDAP server, the GroupWise Windows client searches the LDAP 
server every time the certificate is used. Certificates from LDAP servers are not downloaded into the 
local certificate store on the user’s workstation. To facilitate this process, the user must select a 
default LDAP directory in the LDAP address book (Windows client > LDAP Address Book > 
Directories > Set as Default) and enable searching (Windows client > Tools > Options Security > 
Send > Advanced Options > Search for Recipient Encryption Certificates in the Default LDAP 
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Directory). An advantage to this is that recipients’ certificates are available no matter what 
workstation the Group Wise user sends the message from. 





NOTE: This feature is not available in the Cross-Platform client or the WebAccess client. 
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Message Security 


The GroupWise® client accommodates users’ preferences for security and privacy when sending 
messages. Users can: 


+ 


Sign a message with standardized text (Windows client > Tools > Options > Environment > 
Signature and Cross-Platform client > Tools > Options > Send > Signature). 


Sign a message with an electronic business card (vCard) (Windows client > 7ools > Options > 
Environment > Signature and Cross-Platform client > Tools > Options > Send > Signature). 


Digitally sign and/or encrypt a message. See Section 71.1, “Personal Digital Certificates, 
Digital Signatures, and S/MIME Encryption,” on page 1121. 


Give a message a security classification (Windows client > Mail To > Send Options > General 
> Classification > Proprietary, Confidential, Secret, Top Secret, or For Your Eyes Only and 
Cross-Platform client > Mail To > Send Options > Classification). 


Conceal the subject of an e-mail message (Windows client > Mail To > Send Options > 
Security > Conceal Subject). 


Mark messages and appointments private so that proxy users cannot see them. (Windows client 
> Actions > Mark Private). 


Attach a password-protected document to a message and have the recipient prompted by the 
application to supply the password before the recipient can open the document 


Require a password in order to mark a Routing Slip completed (Windows client > Tools > 
Options > Send > Security > Require Password to Complete Routed Item). This can prevent a 
user who is proxied to the mailbox from marking the item completed, or if multiple users proxy 
to the mailbox, it can be used to ensure that only the user for whom the item was intended can 
complete it. 


In addition, if the users in your GroupWise system exchange messages with users in other 
GroupWise systems, you can set preferences to control what types of information pass between the 
two systems. For example, you can prevent external GroupWise users from performing busy 
searches or obtaining message delivery status. See Section 4.2, “System Preferences,” on page 53. 


See also Part XVI, “Security Policies,” on page 1163. 
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Address Book Security 


One of the purposes of the Address Book is to make user information available to all GroupWise” 
users. However, there might be types of information that you do not want to display. 
+ Section 74.1, “eDirectory Information Displayed in the Address Book,” on page 1137 
+ Section 74.2, “Suppressing the Contents of the User Description Field,” on page 1137 
+ Section 74.3, “Controlling GroupWise Object Visibility in the Address Book,” on page 1137 
+ Section 74.4, “Controlling GroupWise Object Visibility between GroupWise Systems,” on 
page 1138 


See also Part XVI, “Security Policies,” on page 1163. 


74.1 eDirectory Information Displayed in the 
Address Book 


The Address Book displays information stored in Novell® eDirectory™ for users, resources, and 
distribution lists in your GroupWise system. By default, the following information is displayed: 
* Name 
+ Office phone number 
+ Department 
+ Fax number 
+ User ID 


You can configure the Address Book to display more or less information to meet the needs of your 
users. See Section 6.1, “Customizing Address Book Fields,” on page 85. 


By default, all users, resources, and distribution lists that you create in eDirectory are displayed in 
the Address Book and are available to all GroupWise users. 


74.2 Suppressing the Contents of the User 
Description Field 

By default, when you display details about a user in the Address Book, the information in the 
Description field of the User object in eDirectory is displayed. If you keep confidential information 
in the Description field of the User object, you can prevent this information from appearing the 


Group Wise Address Book. See Section 6.1.5, “Preventing the User Description Field from 
Displaying in the Address Book,” on page 89. 


74.3 Controlling GroupWise Object Visibility in 
the Address Book 


You might need to create users, resources, or distribution lists that are not available to all GroupWise 
users. You can accomplish this by restricting the set of users that can see such objects in the Address 
Book. You can make such objects visible only to the members of a domain, only to the members of 
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a post office, or to no one at all. An object does not need to be visible to be addressable. For 
instructions, see Section 6.2, “Controlling Object Visibility,” on page 89. 


74.4 Controlling GroupWise Object Visibility 
between GroupWise Systems 


If you synchronize your GroupWise system with other GroupWise systems to simplify addressing 
for users of both systems, you can control what information from your Address Book you want to be 
available in the Address Books of other GroupWise systems. For instructions, see “Exchanging 
Information Between Systems” in “Connecting to GroupWise 5.x, 6.x, and 7.x Systems” in the 
GroupWise 7 Multi-System Administration Guide. 
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GroupWise Administrator Rights 


To administer GroupWise®, a user needs the appropriate file system rights and Novell® eDirectory™ 
rights. The following sections provide information to help you configure GroupWise administrator 
rights to meet the needs of your environment: 

+ Section 75.1, “Setting Up a GroupWise Administrator as an Admin Equivalent,” on page 1139 

+ Section 75.2, “Assigning Rights Based on Administration Responsibilities,” on page 1139 

+ Section 75.3, “eDirectory Object and Properties Rights,” on page 1147 

+ Section 75.4, “Granting or Removing Object and Property Rights,” on page 1150 


See also Part XVI, “Security Policies,” on page 1163. 


75.1 Setting Up a GroupWise Administrator as 
an Admin Equivalent 


The easiest way to ensure that a GroupWise administrator has all necessary eDirectory rights and 
NetWare file system rights is to make the administrator an Admin equivalent. Unless you have 
implemented multiple administrators who have different roles and access rights (for example, a 
server administrator, a printer administrator, and a GroupWise administrator), we suggest you make 
your GroupWise administrator an Admin equivalent. 


1 In ConsoleOne®, right-click the Group Wise administrator’s User object, then click Properties. 
2 Click the Memberships tab, then click Security Egual To to display the Security Egual To page. 
3 Click Add to display the Select Objects dialog box. 
4 Browse for and select the Admin object, then click OK. 

The Admin object should now be displayed in the Security Equal To list. 
5 Click OK. 


75.2 Assigning Rights Based on Administration 
Responsibilities 


Making a GroupWise administrator an Admin equivalent gives the GroupWise administrator all 
eDirectory rights required to administer GroupWise. It will also give him or her full file system 
rights to NetWare servers. To increase security or to support a distributed administration model, you 
can restrict Group Wise administrators’ file system and eDirectory rights to only those required to 
administer Group Wise and assign rights to your Group Wise administrators based on their 
administration responsibilities. For example, 


+ Ifyou have only one GroupWise administrator (a centralized Group Wise administration 
model), you can give the administrator rights only to the eDirectory objects and file systems 
that are used for GroupWise. 


¢ Ifyou have multiple administrators who are each responsible for a domain (a distributed 
GroupWise administration model), you can restrict their rights to only those eDirectory objects 
and file systems associated with their GroupWise domain. 
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¢ Ifyou have one administrator whom you want to control all links between domains, you can 
assign rights to the eDirectory objects and file systems associated with domains links. 


The following two sections, Section 75.2.1, “File System Rights,” on page 1140 and Section 75.2.2, 
“eDirectory Rights,” on page 1140, provide general information about the file system rights and 
eDirectory object and property rights needed to perform Group Wise administration tasks. 


The final section, Section 75.2.3, “Common Types of GroupWise Administrators,” on page 1144, 
lists some common types of GroupWise administrators (for example, Domain administrator and 
Post Office administrator) and the specific file system and eDirectory rights they need. 


75.2.1 File System Rights 


A GroupWise administrator must have an account (or security equivalence) that provides the 
following rights to the directories listed below: 


Table 75-1 GroupWise Administrator Rights 


Directory NetWare Rights Windows Permissions 
sys:\public (for ConsoleOne and GroupWise Read Not applicable 
Administrator snap-ins) File 
Scan 
Any GroupWise system directory the administrator is Read Full Control 
responsible for. This includes: Write 
* domain directories Create 
M de Erase 
st offi 
post office directories Modify 
+ software distribution directories File Scan 
+ library storage area directories Access Control 
Any directory in which the GroupWise agents are Read Full Control 
installed. Write 
For NetWare, the default directory is sys:\system. Create 
Erase 


For Windows, the default directory is c: \grpwise Modify 
(for the MTA, POA, and Internet Agent) and 


c:\webacc (for the WebAccess Agent). KIGE 


Access Control 


75.2.2 eDirectory Rights 


The eDirectory object and property rights an administrator reguires depend on the administrative 
tasks he or she needs to perform. In Group Wise administration, there are five basic tasks an 
administrator can perform: 


+ Create and delete objects (for example, domains, post offices, gateways, agents, libraries, 
resources, external entities, and distribution lists). 


+ Modify object properties (for example, moving a GroupWise user from one post office to 
another or deleting a GroupWise user from a distribution list). 
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+ Modify link information (for example, defining whether Domain 1 links directly to Domain 3 
or indirectly to Domain 3 through Domain 2). 


+ Perform system operations (for example, managing software distribution directories, creating 
administrator-defined fields, and setting up eDirectory user synchronization). 


+ Perform maintenance operations (for example, rebuilding domain and post office databases, 
analyzing and fixing user and message databases, and changing a user’s client options). 


Creating and Deleting Objects 


The following rules apply to creating or deleting a GroupWise object (for example, domain, post 
office, gateway, agent, library, resource, external entity, or distribution list): 


+ To create a GroupWise object, the administrator must have Create object rights in the container 
where he or she is creating the object. To delete a GroupWise object, the administrator must 
have Delete object rights to the GroupWise object’s container. 


¢ Ifcreating or deleting the object requires modification of a second object’s properties, the 
administrator must have Read and Write rights to the second object’s NGW: GroupWise ID 
property and all other affected properties. For example, when you create a distribution list, the 
list is assigned to a post office. Therefore, the administrator needs Read and Write rights to the 
post office object’s NGW: GroupWise ID property and NGW: Distribution List Member 


property. 


For information about giving a user rights to an object or an objects’s properties or restricting a 
user’s rights to an object or an object’s properties, see Section 75.4, “Granting or Removing Object 
and Property Rights,” on page 1150. 


Modifying Object Properties 


Each eDirectory object has certain properties that hold information about the object. For example, a 
User object includes Full Name, Given Name, Last Name, Network Address, and Title properties. 
The following rules apply to modifying an object’s properties: 


+ Each object has an NGW: GroupWise ID property. The administrator must always have Read 
and Write rights to the NGW: GroupWise ID property for the object being modified. Without 
rights to the NGW: GroupWise ID property, no modifications can be made to any of the 
object’s Group Wise properties. 


¢ The administrator must have Read and Write rights to the property being modified. For 
example, to change a user’s visibility within the GroupWise system, the administrator requires 
Read and Write rights to the user object’s NGW: GroupWise ID property and NGW: Visibility 
property. 

¢ Ifthe modification affects a second object’s properties, the administrator must have Read and 
Write rights to the second object’s affected properties. For example, when you move a user 
from one post office to another, the move affects properties for 1) the User object, 2) the Post 
Office object from which you are moving the user (the source post office) and 3) the Post 
Office object to which you are moving the user (the target post office). Therefore, the 
administrator must have 1) Read and Write rights for the User object’s NGW: GroupWise ID 
property and NGW: Post Office property, 2) Read and Write rights for the source post office 
object’s NGW: GroupWise ID property and Members property, and 3) Read and Write rights 
for the target post office object’s NGW: GroupWise ID property and Members property. 
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Modifications to an object can fail for the following reasons: 


¢ The administrator does not have the appropriate rights to the object’s properties. For example, 
to restrict an administrator from moving a user from one post office to another, you could 1) not 
give the administrator Read and Write rights to the source or target post office object’s NGW: 
Members property or 2) not give the administrator Read and Write rights to the user object’s 
NGW: Post Office property. 


¢ The administrator, in addition to modifying properties he or she has rights to, attempts to 
modify a property he or she does not have rights to modify. For example, if an administrator 
has rights to modify a user’s mailbox ID and visibility but does not have rights to modify the 
mailbox expiration date, any modifications made to the mailbox ID and visibility fail if the 
administrator tries to modify the mailbox expiration date at the same time. 


In general, a GroupWise administrator should have Read and Write rights to all GroupWise 
properties for the objects he or she needs to administer. This ensures that the administrator can 
modify all GroupWise information for the objects. In addition, an administrator should also have 
Read and Write rights to other eDirectory properties used by Group Wise. For example, Full Name is 
an eDirectory User object property used by GroupWise. For a list of Group Wise objects, GroupWise 
object properties, associated eDirectory object properties, see Section 75.3, “eDirectory Object and 
Properties Rights,” on page 1147. 


For information about giving a user rights to modify an object’s properties or restricting a user’s 
rights to modify an object’s properties, see Section 75.4, “Granting or Removing Object and 
Property Rights,” on page 1150. 


Modifying Link Information 


By default, when an administrator creates a domain or post office, the links to other domains or post 
offices are automatically created. Because there are many different ways you can configure your 
domain and post office links, you can use the Link Configuration utility to modify how domains and 
post offices are linked together. You can also use object and property rights to determine which 
administrators have the ability to modify link information. The following rules apply to modifying 
link information: 


¢ To modify the links for post offices within a domain, the administrator must have Read and 
Write rights to the NGW: GroupWise ID property for the Domain object and the Post Office 
objects. In addition, the administrator must have Write rights to the NGW: Link Configuration 
property for the Domain object. 


* To modify the links between domains, the administrator must have Read and Write rights to the 
NGW: GroupWise ID property for each Domain object, and Write rights to the NGW: Link 
Configuration property for each Domain object. 


Because correct domain and post office links are essential to the proper functioning of your 

Group Wise system, you might want to assign link configuration tasks to a single administrator and 
restrict other administrators’ abilities to modify link information. Or, if you have a multiple-domain 
system with multiple administrators, you could have one administrator responsible for all domain 
links and the other administrators responsible for the post office links for their domains. For 
information about giving a user rights to an object’s properties (or restricting a user’s rights to an 
object’s properties), see Section 75.4, “Granting or Removing Object and Property Rights,” on 
page 1150. 
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Performing System Operations 


The system operations that a GroupWise administrator can perform in ConsoleOne are listed on the 
Tools > GroupWise System Operations menu. 


Figure 75-1 GroupWise System Operations Submenu on the Tools Menu 
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The Select Domain, Pending Operations, and Restore Area Management operations are always 
available to GroupWise administrators. To perform any of the other system operations, an 
administrator must have Read and Write rights to the NGW: GroupWise ID property for the primary 
Domain object. In GroupWise systems that span multiple eDirectory trees, the administrator’s 
current tree must be the tree in which the primary Domain object is located. 


You can restrict the ability to perform system operations (other than Select Domain, Pending 
Operations, and Restore Area Management) to only those Group Wise administrators who connect to 
the primary domain database. To do so, you use the Restrict System Operations to Primary Domain 
option (Tools > GroupWise System Operations > System Preferences > Admin Lockout). 
Administrators connected to secondary domain databases see the GroupWise System Operations 
menu with only the Select Domain, Pending Operations, and Restore Area Management options 
available. 


Figure 75-2 GroupWise System Operations Submenu on the Tools Menu 
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For information about giving a user rights to an object’s properties or restricting a user’s rights to an 
object’s properties, see Section 75.4, “Granting or Removing Object and Property Rights,” on 
page 1150. 
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Performing Maintenance Operations 


To perform maintenance operations such as validating, recovering, or rebuilding domain databases; 
fixing user, resource, or post office databases; or changing a user’s client options, an administrator 
must have Read and Write rights to the NGW: GroupWise ID property for the object being modified. 
For example, to rebuild a domain database, an administrator requires Read and Write rights to the 
NGW: GroupWise ID property for the Domain object. Or, to change a user’s client options, an 
administrator requires Read and Write rights to the NGW: GroupWise ID property for the User 
object. 


For information about giving a user rights to an object’s properties or restricting a user’s rights to an 
object’s properties, see Section 75.4, “Granting or Removing Object and Property Rights,” on 
page 1150. 


75.2.3 Common Types of GroupWise Administrators 


The following sections provide information about assigning directory, object, and property rights to 
some common types of GroupWise administrators: 


+ “Domain Administrator” on page 1144 

+ “Post Office Administrator” on page 1145 

+ “Link Configuration Administrator” on page 1146 
Domain Administrator 


A Domain administrator is a Group Wise administrator who has all file system and eDirectory rights 
needed to create and maintain a single Group Wise domain. 


File System Rights 


A Domain administrator reguires the file system rights listed in the following table. 


Directory NetWare Rights Windows Permissions 
sys:\public (for ConsoleOne and GroupWise Read Not applicable 
Administrator snap-ins) File 
Scan 
Any GroupWise system directory the administrator is Read Full Control 
responsible for. This includes: Write 
+ domain directories Create 
7 pd Erase 
post office directories Modify 
+ software distribution directories File Scan 
+ library storage area directories Access Control 


If the domain is not yet created, it is necessary to give 
the administrator rights to the directories where it will 
be created. 
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Directory NetWare Rights Windows Permissions 


The GroupWise agent directories. Read Full Control 
For NetWare, the default directory is sys:\system. wae 

Create 
For Windows, the default directory is c:\grpwise. Erase 

Modify 

File Scan 


Access Control 


eDirectory Rights 
A Domain administrator requires Read and Write rights to properties for the objects listed below. 


+ Domain object: Only the domain the administrator is responsible for unless he or she will also 
configure domain links. If so, the administrator also needs rights to the NGW: GroupWise ID 
and NGW: Link Configuration properties for the other Domain objects. 


¢ Post Office objects: All post offices in the domain. 
+ Gateway objects: All gateways in the domain. 
¢ User objects: All users in the domain. 
+ Resource objects: All resources in the domain. 
¢ Distribution List objects: All distribution lists in the domain. 
¢ Library objects: All libraries in the domain. 
+ Agent objects: All MTAs and POAs in the domain. 
+ External Entity objects: All resources in the domain. 
In most cases, the administrator does not need rights to all of the object properties. After reviewing 


the list of objects, if you want to restrict an administrator’s rights to only the required properties, see 
Section 75.3, “eDirectory Object and Properties Rights,” on page 1147. 


In addition, the administrator must have Create and Delete rights in any container in which one of 
the objects listed above will be created or deleted. 


For a listing of the explicit object properties to which the administrator requires rights, see 
Section 75.3, “eDirectory Object and Properties Rights,” on page 1147. 


Post Office Administrator 


A Post Office administrator is a GroupWise administrator who has all file system and eDirectory 
rights needed to create and maintain a single Group Wise post office. 


File System Rights 


A Post Office administrator requires the file system rights listed in the following table. 


Directory NetWare Rights Windows Permissions 
sys: \public (for ConsoleOne and Read Not applicable 
GroupWise Administrator snap-ins) File Scan 
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Directory NetWare Rights Windows Permissions 


The domain directory Read Full Control 
Write 
Create 
Erase 
Modify 
File Scan 
Access Control 


The following directories: Read Full Control 
Write 
+ post office directory Create 
* library storage area directories for libraries Erase 
assigned to the post office Modify 
File Scan 


Access Control 


The directory for the Post Office Agent. Read Full Control 
Write 
For NetWare, the default directory is Create 
sys:\system. Erase 
| i TR ; Modify 
For Windows, the default directory is c:\grpwise. File Scan 


Access Control 


eDirectory Rights 
A Post Office administrator requires Read and Write rights to properties for the objects listed below. 


In most cases, the administrator does not need rights to all of the object properties. After reviewing 
the list of objects, if you want to restrict an administrator’s rights to only the required properties, see 
Section 75.3, “eDirectory Object and Properties Rights,” on page 1147. 

+ Post Office object: Only the post office that the administrator is responsible for. 

¢ User objects: All users with accounts on the post office. 

+ Resource objects: All resources assigned to the post office. 


¢ Distribution List objects: All distribution lists assigned to the post office. 


+ 


Library objects: All libraries assigned to the post office. 
Agent objects: Only the post office’s POA. 


+ 


+ External Entity objects: All external entities with accounts on the post office. 


In addition, the administrator must have Create and Delete rights in any container in which one of 
the objects listed above will be created or deleted. 


Link Configuration Administrator 


A Link Configuration administrator has all file system and eDirectory rights needed to create and 
maintain the links between GroupWise domains. 


File System Rights 


A Link Configuration administrator requires the file system rights listed in the following table. 
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Table 75-2 File System Rights 


Directory NetWare Rights Windows Permissions 


sys:\public (for ConsoleOne and Read Not applicable 
GroupWise Administrator snap-ins) File Scan 


Domain directory Read Full Control 
Write 
Create 
Erase 
Modify 
File Scan 


eDirectory Rights 


A Post Office administrator requires Read and Write rights to the properties for the objects listed 
below. 


Table 75-3 Read and Write Rights 


Object Property 


Domain (all domains) NGW: GroupWise ID 
NGW: Link Configuration 


75.3 eDirectory Object and Properties Rights 


The table below lists the GroupWise objects and their properties. 


Some properties are specific only to GroupWise. Group Wise-specific properties begin with NGW or 
ngw. Other properties are common eDirectory properties used by GroupWise objects. Common 
eDirectory properties do not begin with NGW or ngw. 


Table 75-4 GroupWise Objects and Their Properties 


Object Property 


Domain NGW: File ID 
NGW: GroupWise ID 
NGW: Language 
NGW: Link Configuration 
NGW: Location 
NGW: Network Type 
NGW: Time Zone ID 
NGW: Type 
NGW: Version 
ngwDefaultWebAccess 
CN 
Description 
Member 
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Object 


Post Office 


Gateway 


User 
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Property 


NDA: Port 

NGW: Access Mode 
NGW: Distribution List Member 
NGW: Domain 

NGW: File ID 

NGW: GroupWise ID 
NGW: Language 

NGW: Library Member 
NGW: Location 

NGW: Network Type 
NGW: Resource Member 
NGW: Time Zone ID 
NGW: Version 
ngwDefaultWebAccess 
ngwLDAPServerAddress 
CN 

Description 

Member 


NGW: Domain 
NGW: File ID 

NGW: GroupWise ID 
NGW: Language 
NGW: Location 
NGW: Platform 
NGW: Time Zone ID 
NGW: Type 
ngwProviderComm 
ndaReferenceList 
ndaServiceList 
ndaXISSettings 

CN 

Description 


NGW: Account 

NGW: File ID 

NGW: Gateway Access 
NGW: GroupWise ID 
NGW: Mailbox Expiration Date 
NGW: Object ID 

NGW: Post Office 
NGW: Visibility 
ngWNLSinfo 
Department 
Description 

EMail Address 

Fax Number 

Given Name 

Internet EMail Address 
Last Name 

Telephone 

Title 


Object 


Resource 


Distribution List 


Library 


Agent 


External Entity 


Property 


NGW: File ID 

NGW: GroupWise ID 
NGW: Owner 

NGW: Post Office 
NGW: Type 

NGW: Visibility 

CN 

Description 


NGW: Blind Copy Member 
NGW: Carbon Copy Member 
NGW: GroupWise ID 

NGW: Post Office 

NGW: Visibility 

CN 

Description 

Member 


NGW: Archive Max Size 

NGW: Document Area Size 
NGW: File ID 

NGW: GroupWise ID 

NGW: Library Display Name 
NGW: Post Office 

NGW: Starting Version Number 
CN 

Description 

Member 


NGW: File ID 

NGW: GroupWise ID 
NGW: Platform 

NGW: Type 
ngwProxyServerAddress 
ndaServiceList 
ndaXISSettings 

CN 

Description 

Network Address 


NGW: Account ID 
NGW: External Net ID 
NGW: File ID 

NGW: GroupWise ID 
NGW: Mailbox Expiration Time 
NGW: Object ID 
NGW: Post Office 
NGW: Visibility 
Department 
Description 

EMail Address 

Fax Number 

Given Name 

Internet EMail Address 
Last Name 

Telephone 

Title 
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75.4 Granting or Removing Object and Property 
Rights 


You can use trustee assignments to grant or restrict rights to an object and its properties. The 
following steps provide one way to grant or remove a user’s rights to an object or its properties. For 
additional methods, see your eDirectory documentation. 

1 Right-click the object in the eDirectory tree, then click Trustees of this Object. 

2 Click Add Trustee to display the Select Object dialog box. 


3 Browse for and select the User object, then click OK to display the Rights Assigned to Selected 
Objects dialog box. 


4 Set the object and property rights you want. If necessary, add additional properties. Click Help 
for additional information. 


5 Click OK when finished. 
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GroupWise Agent Rights 


When you create domains and post offices, ConsoleOne® creates the directory structures and Agent 
objects with all the required rights to enable the agents to function properly, regardless of link type 
between locations and including requirements for Novell® eDirectory™ user synchronization. No 
manual adjustment of agent rights is necessary in GroupWise® 7. 


You can check the POA’s rights to the post office directory by starting it using the /rights switch in 
the POA startup file. 


See also Part XVI, “Security Policies,” on page 1163. 
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GroupWise User Rights 


Group Wise” users require specific Novell® eDirectory™ rights and, in some cases, specific file 
system rights in order for the Group Wise client to function properly. The following sections provide 
information about the required rights and how to supply them. 


¢ Section 77.1, “eDirectory Rights,” on page 1153 
+ Section 77.2, “File System Rights,” on page 1155 


See also Part XVI, “Security Policies,” on page 1163. 


77.1 eDirectory Rights 


By default, ConsoleOne® is configured to automatically provide a Group Wise user's required 
eDirectory rights when you add the user to a post office. You can, however, configure GroupWise 
Administrator to not assign rights automatically, in which case you would need to manually assign 
eDirectory rights. 


The following sections provide information about how to configure ConsoleOne to automatically set 
Group Wise users’ eDirectory rights and how to manually set these rights: 


+ Section 77.1.1, “Configuring ConsoleOne to Automatically Set eDirectory Rights When 
Creating User Accounts,” on page 1153 


+ Section 77.1.2, “Manually Granting eDirectory Rights,” on page 1154 


77.1.1 Configuring ConsoleOne to Automatically Set 
eDirectory Rights When Creating User Accounts 


By default, the GroupWise Administrator snap-in for ConsoleOne is configured to automatically set 
the eDirectory rights required by a GroupWise user. This is done when you create the user’s 
GroupWise account. 


For GroupWise Administrator to be able to set these rights, you must have sufficient administrative 
rights to eDirectory. If you don’t have sufficient rights to manually set the user’s access rights, 
GroupWise Administrator does not have sufficient rights to set them automatically. In general, we 
recommend that you be an Admin equivalent. For more information, see Chapter 75, “Group Wise 
Administrator Rights,” on page 1139. 


If you choose not to grant eDirectory rights automatically, you should manually set the rights to 
ensure that users have appropriate access. For instructions, see Section 77.1.2, “Manually Granting 
eDirectory Rights,” on page 1154. 


To configure whether or not GroupWise Administrator automatically assigns rights to users when 
you create Group Wise accounts: 


1 In ConsoleOne, click Tools > GroupWise System Operations > System Preferences to display 
the GroupWise System Preferences dialog box. 
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GroupWise System Preferences 
es. Default Password | Admin Lockout Settinas 
I] Routing Options | External Access Rights 
Set access rights automatically: 
T When creating a GroupWise user 
When creating or modifying objects, for network ID use: 
(° Full Distinguished Name 
© Common Name 


|” Display Identity Manager (DirXML) warnings 








| Cancel | Help 








2 To have GroupWise Administrator automatically set access rights, select the Set Access Rights 
Automatically When Creating a GroupWise User option. 


Or 


To turn off this option, deselect the Set Access Rights Automatically When Creating a 
GroupWise User option. 


3 Click OK to save your changes. 


77.1.2 Manually Granting eDirectory Rights 


At startup, the GroupWise client must know the following: 
¢ The post office where the user has an account. 


+ Whether to connect to the user's post office in direct access mode or client/server access mode. 


The user can supply this information in the GroupWise Startup dialog box that appears or use the / 
ph-path_to_post_office, /ipa-IP_address, /ipp-TCP_port, and /@u-user_ID startup options. 


If you do not want users to be required to supply this information, you can give users rights to the 
eDirectory objects shown below. When a user has rights to the objects, the GroupWise client can 
read the object’s information in eDirectory to determine the user’s post office and access mode. This 
requires users to be logged in to eDirectory. 


Table 77-1 eDirectory Object Rights 


Object and Properties Rights 
User object Browse 
NGW:Post Office Read 
Post Office object Browse 
NGW:Location Read 
NGW:Access Mode Read 
POA object Browse 
NGW:Type Read 
Network Address Read 
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GroupWise Name Server (ngwnameserver) 


The following information applies to users running the GroupWise client in client/server access 
mode. 


If you do not want to provide eDirectory rights to GroupWise users as explained above, or if you 
have GroupWise users who don’t log in to eDirectory, you can set up a GroupWise name server. A 
GroupWise name server enables users to access their post office without knowing the IP address and 
port number of the POA. 


The GroupWise name server is a DNS host entry for one of the POAs in your GroupWise system. At 
startup, the GroupWise client automatically looks for the GroupWise name server. When a user 
reaches the POA designated as the GroupWise name server, the POA redirects the user to the IP 
address and port number of the POA that services the user’s post office. 


The primary GroupWise name server must be named ngwnameserver. You can set up one backup 
Group Wise name server and name it ngwnameserver2. Both POAs must use the default TCP port of 
1677. 


To set up a GroupWise name server: 


1 Use your tool of choice for modifying DNS. 


2 Create an entry for the IP address of the POA you want to designate as the primary GroupWise 
name server, then give it the hostname ngwnameserver. 


3 Create an entry for the IP address of the POA you want to designate as the backup Group Wise 
name server, then give it the hostname ngwnameserver2. 


77.2 File System Rights 


Listed below are the locations you need to consider when assigning file system rights to GroupWise 
users: 


+ Domain Directory: Users do not require file system access to the domain directory. 


+ Post Office Directory: The recommended post office access mode for the GroupWise client is 
client/server (TCP/IP), which means that the user does not require file system access to the post 
office. Therefore, ConsoleOne does not assign any file system rights when you add a user to a 
post office. 


If you want to use direct access mode (mapped drive or UNC path), you need to manually 
assign users the required file system rights to their post office directories. For instructions, see 
Section 77.2.1, “Granting File System Rights to the Post Office Directory,” on page 1156. 


¢ GroupWise Software Distribution Directory: If you want users to have file system rights to 
a GroupWise software distribution directory to install or run the GroupWise client, you need to 
manually assign rights. For instructions, see Section 77.2.2, “Granting File System Rights to 
the Software Distribution Directory,” on page 1157. 


+ Mailbox Backup Directory: For users to restore their mailbox from a network backup 
directory, they need the appropriate file system rights to the directory. For more information, 
see Section 77.2.3, “Granting File System Rights to the Mailbox Backup Directory,” on 
page 1158. 
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77.2.1 Granting File System Rights to the Post Office Directory 


The following information applies only to users who are running the GroupWise client in direct 
access mode. Users who are running in client/server access mode do not require rights to the post 
office directories. 


To increase security in your post office directories, you should restrict rights as shown in the 


following table. 


Table 77-2 Post Office Directory Rights 


Directories NetWare Rights Windows Permissions 
post office RWC--F Change 
agents nnn No Access 
Mom -—— No Access 
language eee No Access 
ME —— No Access 
language ee No Access 
gwdms RW---F Change 
libx RW---F Change 
index RW---F Change 
archive RW---F Change 
ar xx RW---F Change 
docs RWCEMF Full Control 
fdx RWCEMF Full Control 
offiles R----F Change 
fdx RWCEMF Full Control 
ofmsg RWCEMF Full Control 
ofuser RWCEMF Full Control 
index RW---F Change 
ofviews ween No Access 
win R----F Read 
ofwork R----F Read 
ofdirect RWCEMF Full Control 
wpcsin RWCEMF Full Control 
0-7 -WC-M- Change 
problem -WC-M- Change 
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Directories 


wpcsout 


ads 


problem 


NetWare Rights 


RWCEMF 
-WC-M- 
-WC-M- 
RWC-MF 
RWC-MF 
-WC-M- 


Windows Permissions 
No Access 

No Access 

No Access 

Full Control 

Change 

Change 

Full Control 

Full Control 


Change 


77.2.2 Granting File System Rights to the Software Distribution 


Directory 


The software distribution directory contains the GroupWise client for Windows. To set up and run 
the GroupWise client, users require the directory rights listed in the table below. 


Table 77-3 Software Distribution Directory Rights 


Directories NetWare Rights 
software distribution directory R----F 
admin ere 
Sens + 
client R----F 
ofviews R----F 
win32 R----F 
internet © 1 
domain £2 2 2 2 2 ee 
PE (l 


Windows Permissions 
Read 

No Access 

No Access 

Read 

Read 

Read 

No Access 

No Access 


No Access 





IMPORTANT: Users require rights only to the client directory and subdirectories. The other 
directories (admin, agents, domain, internet, and po) are administration directories that 


users should not have access to. 
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77.2.3 Granting File System Rights to the Mailbox Backup 
Directory 


If you back up a user’s network mailbox, or a user backs up his or her local mailbox, to a network 
location, the user requires Read and Write file system rights to the backup directory in order to 
restore his or her mailbox. 
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Spam Protection 


Unwanted Internet e-mail messages (spam) can be a distracting nuisance to GroupWise” client 
users. Your first line of defense against spam is the Internet Agent. Your second line of defense is the 
Junk Mail Handling feature of the GroupWise Windows client. 

+ Section 78.1, “Configuring the Internet Agent for Spam Protection,” on page 1159 

+ Section 78.2, “Configuring the GroupWise Client for Spam Protection,” on page 1159 


See also Part XVI, “Security Policies,” on page 1163. 


78.1 Configuring the Internet Agent for Spam 
Protection 


In ConsoleOne®, you can configure the Internet Agent to reject messages in certain situations: 


+ Messages are received from known open relay hosts or spam hosts (Internet Agent object > 
Access Control > Blacklists). 


+ Messages are received from any hosts that you specifically do not want to receive messages 
from (Internet Agent object > Access Control > Default Class of Service > Edit > Allow 
Incoming Messages, Prevent Incoming Messages, and Exceptions). 


+ Messages are received through an anti-spam service that uses an “X” header field to identify 
potential spam (Internet Agent object > SMTP/MIME > Settings > Junk Mail). 


+ Thirty messages are received within 10 seconds from the same sending host (Internet Agent 
object > SMTP/MIME Settings > Security Settings). The number of message and the time 
interval can be modified to identify whatever you consider to be a potential mailbomb. 


+ Messages are received from SMTP hosts that are not using the AUTH LOGIN host 
authentication method (/forceinboundauth startup switch). 


+ The sender’s identify cannot be verified (Internet Agent object > SMTP/MIME Settings > 
Security Settings). 


For detailed setup instructions on these anti-spam security measures, see Section 47.2, “Blocking 
Unwanted E-Mail from the Internet,” on page 757. 


Messages that are identified as spam by the Internet Agent are not accepted into your GroupWise 
system. 


78.2 Configuring the GroupWise Client for Spam 
Protection 


The Junk Mail Handling feature (Windows and Cross-Platform client > Tools > Junk Mail 
Handling) provides users with the following options for dealing with unwanted messages that have 
not been stopped by the Internet Agent: 


¢ Individual e-mail addresses or entire Internet domains can be placed on the user’s Block List. 
Messages from blocked addresses never arrive in the user’s mailbox. 
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¢ Individual e-mail addresses or entire Internet Domains can be placed on the user’s Junk List. 
Messages from these addresses are automatically delivered to the Junk Mail folder in the user’s 
mailbox. The user can configure automatic deletion of items in the Junk Mail folder and can 
also create rules to act on items placed in the Junk Mail folder. 


+ Messages from users whose addresses are not in the user's personal address books can be 
automatically delivered to the Junk Mail folder. 


The Junk Mail Handling feature in the GroupWise Windows client and Cross-Platform client is 
enabled by default, although you can control its functionality in ConsoleOne (Domain, Post Office, 
or User object > Tools > GroupWise Utilities > Client Options > Environment > Junk Mail). 


For detailed usage instructions for the Junk Mail Handling feature in the Group Wise client, see: 


+ “Handling Unwanted Mail” in “Working with Items in Your Mailbox” in the GroupWise 7 
Windows Client User Guide 


+ “Handling Unwanted Mail” in “Working with Items in Your Mailbox” in the GroupWise 7 
Cross-Platform Client User Guide 





NOTE: The Junk Mail Handling feature is not available in the WebAccess client. 
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Virus Protection 


Virus protection for your GroupWise® system is provided by third-party products, including: 


* GWAVA* by Beginfinite* 

+ RAV* AntiVirus* by GeCAD Software* 

¢ IronMail* by CipherTrust* 

* GWGuardian* by The Messaging Architects* 
For information about these and other security products for use with your GroupWise system, see 
the Novell® Partner Product Guide (http://www.novell.com/partnerguide/) and the Novell Open 


Enterprise Server Partner Support site (http://www.novell.com/products/openenterpriseserver/ 
partners). 


See also Part XVI, “Security Policies,” on page 1163. 
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Security Policies 


+ Chapter 80, “Securing GroupWise Data,” on page 1165 

¢ Chapter 81, “Securing GroupWise Agents,” on page 1167 

+ Chapter 82, “Securing GroupWise System Access,” on page 1171 
+ Chapter 83, “Secure Migrations,” on page 1173 
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Securing GroupWise Data 


+ Section 80.1, “Limiting Physical Access to GroupWise Servers,” on page 1165 
+ Section 80.2, “Securing File System Access,” on page 1165 


+ Section 80.3, “Securing Domains and Post Offices,” on page 1165 


80.1 Limiting Physical Access to GroupWise 
Servers 


Servers where GroupWise® data resides should be kept physically secure, where unauthorized 
persons cannot gain access to the server consoles. 


80.2 Securing File System Access 


In ConsoleOne®, Server objects for servers where Group Wise domains, post offices, and agents 
reside should be assigned appropriate trustees and rights to prevent access from unauthorized 
persons. 


For additional data security, encrypted file systems should be used on servers where GroupWise 
domains, post offices, and agents reside. Only GroupWise administrators should have direct access 
to GroupWise data. 


80.3 Securing Domains and Post Offices 


In ConsoleOne, administrators in addition to the Admin user should be given rights judiciously, as 
described in Chapter 75, “GroupWise Administrator Rights,” on page 1139. 


The POA should be configured for client/server access, so that GroupWise users do not require any 
direct access to any databases in the post office. For more information, see Section 36.2.1, “Using 
Client/Server Access to the Post Office,” on page 486. 
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Securing GroupWise Agents 


+ Section 81.1, “Setting Up SSL Connections,” on page 1167 

+ Section 81.2, “Protecting Agent Web Consoles,” on page 1167 

¢ Section 81.3, “Protecting Agent Startup and Configuration Files,” on page 1167 
+ Section 81.4, “Protecting Agent Log Files,” on page 1168 

+ Section 81.5, “Protecting Agent Processes on Linux,” on page 1169 


+ Section 81.6, “Protecting Trusted Applications,” on page 1169 


81.1 Setting Up SSL Connections 


All of the GroupWise® agents should be configured to use SSL connections, as described in: 


+ “Securing the Post Office with SSL Connections to the POA” on page 498 

+ “Securing the Domain with SSL Connections to the MTA” on page 629 

+ “Securing Internet Agent Connections with SSL” on page 772 

+ “Securing WebAccess Agent Connections with SSL” on page 875 

+ “Configuring Authentication and Intruder Lockout for the Monitor Web Console” on page 985 


81.2 Protecting Agent Web Consoles 


If you do not provide passwords on the GroupWise agent Web consoles, unauthorized persons can 
access them by simply knowing the IP address or hostname of the machine where the agent runs, 
along with the HTTP port the agent is using. Set up GroupWise agent Web consoles with passwords 
as described in: 


+ “Using the POA Web Console” on page 530 

+ “Using the MTA Web Console” on page 657 

+ “Using the Internet Agent Web Console” on page 787 

+ “Using the WebAccess Agent Web Console” on page 929 


+ “Configuring Authentication and Intruder Lockout for the Monitor Web Console” on page 985 


81.3 Protecting Agent Startup and Configuration 
Files 


The startup and configuration files for all GroupWise agents should be protected from tampering. 
Agent startup files are found in the following default locations: 
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Table 81-1 Locations of GroupWise Agent Startup and Configuration Files 


Platform Directory Startup Files 

NetWare sys:\system post office.poa 
domain.mta 
gwia.cfg 


webac70a.waa 
gwdva .dva 





Linux /opt/novell/groupwise/agents/share post office.poa 
domain.mta 
gwia.cfg 
webac70a.waa 
gwdva.dva 
monitor.xml 





Windows c:\grpwise post office.poa 
c:\grpwise domain.mta 
c:\grpwise\gwia gwia.cfg 
c:\wabacc webac70a.waa 

gwdva.dva 
c:\gwmon monitor.xml 


81.4 Protecting Agent Log Files 


The log files for all GroupWise agents should be protected against access by unauthorized persons. 
Some contain very detailed information about your GroupWise system and GroupWise users. Agent 
log files are found in the following default locations: 


Table 81-2 Locations of GroupWise Agent Log Files 





Platform Directory Startup Files 

NetWare vol:\post office\wpcsout\ofs mmddpoa.nnn 
vol:\domain\mslocal mmddmta.nnn 
vol: \domain\wpgate\gwia\000.pre mmddgwia.nnn 
vol: \domain\wpgate\webac70a\000.pre mmddweb.nnn 
sys:\system\gwdav.dir\log mmdddva.nnn 

Linux /var/log/novell/groupwise/post office.poa nnmmpoa.nnn 
/var/log/novell/groupwise/domain.mta mmddmta.nnn 
/var/log/novell/groupwise/domain.gwia mmddgwia.nnn 
/var/log/novell/groupwise/domain.webac70a mmddweb.nnn 
/var/log/novell/groupwise/gwdva mmnndva.nnn 
/var/log/novell/groupwise/gwmon mmnnmon.nnn 


mmnnhist.nnn 
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Platform Directory Startup Files 


Windows \post_offce\wpcsout\ofs nnmmpoa.nnn 
\domain\mslocal mmddmta.nnn 
\domain\wpgate\gwia\000.pre mmddgwia.nnn 
\domain\wpgate\webac70a\000.pre mmddweb.nnn 
c:\webac\gwdva.dva\log mmnndva.nnn 
c:\gwmon mmnnmon.nnn 


mmnnhist.nnn 


81.5 Protecting Agent Processes on Linux 


On Linux, the GroupWise agents are installed to run as the root user by default. This is not a 
secure configuration. Immediately after installation, you should set up a non-root user for the 
agents to run as, as described in “Running the Linux GroupWise Agents as a Non-root User” in 
“Installing GroupWise Agents” in the GroupWise 7 Installation Guide. 


81.6 Protecting Trusted Applications 


Trusted applications are third-party programs that can log into POAs and Internet Agents in order to 
access Group Wise mailboxes. For background information, see Section 4.12, “Trusted 
Applications,” on page 69. 


Trusted applications log into GroupWise agents by using trusted application keys that are created 
when the trusted application is created. It is essential that these keys are protected and not allowed to 
become public. Steps you can take to protect trusted application keys include: 

¢ Associating the trusted application key with a single IP address whenever possible 


+ Reviewing third-party log files for sensitive data such as the key before sharing them with 
others 


¢ Not sharing trusted application keys with others for any reason 


+ Removing old keys that are no longer needed 
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Securing GroupWise System 
Access 


+ Section 82.1, “Using a Proxy Server with Client/Server Access,” on page 1171 

¢ Section 82.2, “Using LDAP Authentication for GroupWise Users,” on page 1171 
+ Section 82.3, “Managing Mailbox Passwords,” on page 1171 

+ Section 82.4, “Enabling Intruder Detection,” on page 1172 


82.1 Using a Proxy Server with Client/Server 
Access 


POAs in your GroupWise® system should be located behind your firewall. If GroupWise client 
users want to access their GroupWise mailboxes from outside your firewall using the Windows 
client or the Cross-Platform client, you should set up a proxy server outside your firewall to provide 
access, as described in Section 36.3.1, “Securing Client/Server Access through a Proxy Server,” on 
page 496. WebAccess client users access their GroupWise mailboxes through their Web browsers, 
so your Web server handles the access issues for such users. 


82.2 Using LDAP Authentication for GroupWise 
Users 


LDAP authentication provides a more secure method of mailbox access than standard Group Wise 
authentication, which is the default when you set up your GroupWise system. Therefore, you should 
implement LDAP authentication, as described in Section 36.3.4, “Providing LDAP Authentication 
for GroupWise Users,” on page 501. 


On the Post Office object, the LDAP user name that you provide on the Security property page 
should be granted only browser rights in the eDirectory tree. The password for the LDAP user 
should be long and randomly generated. 


On the LDAP Server object, Require TLS for All Operations should be selected on the SSL/TLS 
Configuration property page. On the LDAP Group object, Require TLS for Simple Binds with 
Password should be selected. 


On your LDAP servers, the trusted root certificate file should be write protected so that it cannot be 
tampered with. 


82.3 Managing Mailbox Passwords 


GroupWise offers varying levels of password security, as described in Section 70.1, “Mailbox 
Passwords,” on page 1115. Make sure that you understand the options available to you and that you 
select the level of password security that is appropriate to your GroupWise system. 
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82.4 Enabling Intruder Detection 


You can configure the POA to lock out a user that provides the wrong mailbox password too many 
times, as described in Section 36.3.5, “Enabling Intruder Detection,” on page 506. 
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Secure Migrations 


¢ Section 83.1, “GroupWise Server Migration Utility,” on page 1173 


83.1 GroupWise Server Migration Utility 


During its operation, the GroupWise Server Migration Utility prompts for some restricted-access 
information. It also modifies critical GroupWise agent startup files. This section explains why. 


83.1.1 Source Server Credentials 


The Server Migration Utility prompts for a user ID and password that provides read/write access to 
the NetWare or Windows server so that the Linux server can mount the source server with read/write 
access. 


In addition, the Server Migration Utility needs read/write access to the domain or post office 
directory that is being migrated. Read/write access enables the Server Migration Utility to copy the 
contents of the post office directory or domain directory, including the post office database and 
domain database, so that file locking is respected while the data is being copied, File locking 
prevents database damage. 


83.1.2 Destination Server root Password 


The Server Migration Utility prompts for the root password so that it can mount the NetWare 
volume or the Windows share to the Linux file system. It also needs the root password in order to 
communicate with the SSH (secure shell) daemon on the Linux server. The SSH daemon allows 
root access for the utility to install the GroupWise RPMs, to run the programs required for 
migration locally on the Linux server, and to create and save the Linux agent startup files. 


In addition, root permissions might be required to write the post office or domain data to the Linux 
server, depending on where the user decided to locate the post office or domain. After the migration, 
the user can configure the GroupWise agents to run as a non-root user for improved security, as 
described in “Running the Linux GroupWise Agents as a Non-root User” in “Installing GroupWise 
Agents” in the GroupWise 7 Installation Guide. 


83.1.3 Agent Startup Files 


When the Server Migration Utility migrates an agent, the only change it makes to its startup file is to 
modify the --home switch to point to the new location of the post office or domain on the Linux 
server. Existing switch settings are retained, except for paths and IP addresses that would be invalid 
in the new Linux environment. 
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Documentation Updates 


This section lists updates to the GroupWise 7 Administration Guide that have been made since the 
initial release of GroupWise® 7. The information helps you to keep current on documentation 
updates and, in some cases, software updates (such as a Support Pack release). 


The information is grouped according to the date when the GroupWise 7 Administration Guide was 
republished. Within each dated section, the updates are listed by the names of the main table of 
contents sections. 


The GroupWise 7 Administration Guide has been updated on the following dates: 
+ Appendix A, “March 14, 2008 (GroupWise 7 SP3),” on page 1177 
+ Appendix B, “April 16, 2007 (GroupWise 7 SP 2),” on page 1181 
+ Appendix C, “September 29, 2006,” on page 1183 
+ Appendix D, “June 15, 2006 (GroupWise 7 SP 1),” on page 1185 
+ Appendix E, “November 30, 2005,” on page 1191 
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March 14, 2008 (GroupWise 7 SP3) 


Location 


System 


Section 2.2.1, “Installing 
ConsoleOne on Linux,” on 
page 40 


Section 2.3, “ConsoleOne in a 
Multiple-Platform 
Environment,” on page 41 


Section 4.9, “Software 
Directory Management,” on 
page 64 


Section 4.9.3, “Deleting a 
Software Distribution 
Directory,” on page 68 


Section 4.12.1, “Creating a Key 
for a Trusted Application,” on 
page 69 


Section 5.16.1, “Graft 
GroupWise Objects,” on 
page 78 


Post Office 


Section 12.3.2, “Setting 
Mailbox Size Limits,” on 
page 183 


Section 12.4, “Auditing Mailbox 
License Usage in the Post 
Office,” on page 191 


Users 


Section 14.3, “Adding a Global 
Signature to Users’ 
Messages,” on page 219 


Resources 


Section 15.3, “Creating a New 
Resource,” on page 250 


Databases 


Change 


Added a recommendation for mounting domain servers to 
accommodate ConsoleOne® access. 


Emphasized using the version of ConsoleOne that matches the 
platform where domains and post offices are located. 


Added the recommendation for one software distribution directory per 
server where one or more post offices is located. 


Clarified that a software distribution directory must not be in use by any 
post offices before you can delete it. 


Added a section about how trusted applications must provide a key in 
order to authenticate to GroupWise®. 


Corrected the process used to graft users. 


Corrected the information about what happens when a user receives a 
warning message about nearing the mailbox size limit. 


Clarified licensing requirements for mobile devices. 


Added cross-references to information about users’ personal signatures 
in the GroupWise Client User Guide for each client. 


Clarified that when a place resource is added to the To field of an 
appointment, the resource name, not its description, is added to the 
Place field. 
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Location 


Section 30.1, “Gathering 
Mailbox Statistics,” on 

page 399 and Section 30.2, 
“Reducing the Size of User and 
Message Databases,” on 
page 401 


Chapter 33, “Retaining User 
Messages,” on page 419 


“Logging” on page 429 


Section 34.1.8, “GWCheck 
Startup Switches,” on page 432 


“TSAFSGW Functionality” on 
page 440 


Section 34.4.4, “DBCopy 
Startup Switches,” on page 458 


Post Office Agent 


“Setting Up SNMP Services for 
the Linux POA’ on page 541 


“noldapx” on page 590 
“[soapsizelimit” on page 600 
Message Transfer Agent 


“Setting Up SNMP Services for 
the Linux MTA” on page 668 


Internet Agent 


Section 46.1.9, “Using a Route 
Configuration File,” on 
page 732 


Section 47.1.1, “Classes of 
Service,” on page 747 


Section 39.80, “/nosnmp,” on 
page 593 


Monitor Agent 


Section 59.11, “Monitoring 
Messenger Agents,” on 
page 988 


Client 
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Change 


Clarified the Only Backed-Up Items and Only Retained Items options 
for the Expire/Reduce action of Mailbox/Library Maintenance; clarified 
the terms “expire” and “reduce.” 


Added a third step to the retention process. 


Clarified that the GWCheck log file is always created in the 
post office directory\wpcsout\ofs directory. It cannot be 
redirected to a different directory. 


Added the /lang switch and the /pr switch. 
Removed a recommendation to not back up QuickFinder™ index files; 


.idx and .inc files should be backed up. 


Provided default values for DBCopy startup switches. 


Emphasized that the SNMP daemon must always start before the POA. 


Added a new switch. 


Recommended a maximum setting of 1 MB. 


Emphasized that the SNMP daemon must always start before the MTA. 


Listed another important use for the route configuration file 
(route.cfg). 


Clarified that attachments are included in the mime. 822 file that 
accompanies SMTP messages. 


Added the /nosnmp startup switch. 


Created a link to the Group Wise Messenger 2 Administration Guide that 
explains how to make the Messenger login information permanent. 


Location 


Section 66.1, “Using 
GroupWise AutoUpdate and 
SetuplP to Distribute the 
GroupWise Windows Client,” 
on page 1081 


Security Administration 


Section 71.2.1, “Generating a 
Certificate Signing Request,” 
on page 1123 


Section , “Using YaST on 
Linux,” on page 1127 


Change 


Improved the instructions for setting up AutoUpdate and SetuplP. 


Clarified that, for Linux GWCSRGen, the directory where you want to 
create the certificate file and key file must already exist. 


Added instructions for using YaST to create a certificate file and key file. 
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April 16, 2007 (GroupWise 7 SP 2) 


Location 


System 


Chapter 7, “Multilingual 
GroupWise Systems,” on 
page 105 


Post Office 


Section 12.3.2, “Setting 
Mailbox Size Limits,” on 
page 183 


Section 12.3.4, “Restricting the 
Size of Messages That Users 
Can Send,” on page 185 


Users 


Section 14.7.4, “Creating a 
Nickname for a User,” on 
page 239 


Distribution Lists 


Section 19.1, “Setting Up an 
eDirectory Group for Use in 
GroupWise,” on page 279 


Databases 


Chapter 31, “Backing Up 
GroupWise Databases,” on 
page 407 


Section 34.4, “GroupWise 
Database Copy Utility,” on 
page 455 


Section 34.4.4, “DBCopy 
Startup Switches,” on page 458 


Post Office Agent 


Section 36.4.3, “Performing 
Nightly User Upkeep,” on 
page 513 


Section 38.4.2, “Configuring a 
Dedicated Database 
Maintenance POA,” on 

page 560 


“levocontrol” on page 572 


Change 


Added that the GroupWise clients now use UTF-8 for MIME encoding to 
accommodate characters in all supported languages. 


Explained that the maximum mailbox size limit that you can set in 
ConsoleOne is 4 GB, but that GroupWise databases have no inherent 
size limits. 


Clarified that the MIME portion of an HTML-formatted message counts 
in the message size. 


Clarified the use of the Expiration Date field. 


Added a link to a TID about using dynamic groups with GroupWise. 


Added a link to the Novell Open Enterprise Server Partner Support site, 
where you can find supported backup compatible backup solutions on 
Linux. 


Indicated that DBCopy is now a multi-threaded application; identified 
specifically what files and directories DBCopy does and does not copy 
for a post office and a domain. 


Added a list of startup switches. 


Clarified that addresses in personal groups are updated by Nightly User 
Upkeep. 


Removed the step for turning off message file handling. Message file 
handling is required for database maintenance tasks. 


Added a switch to control the versions of Evolution that the POA allows 
to connect to the post office. 
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Location Change 


Internet Agent 


“Defining a Blacklist Address” Removed references to Open Relay DataBase (ORDB) because it is no 
on page 757 longer in service. 


Monitor Agent 


“Mhapoll” on page 1024 Clarified how to interpret actual results when setting the High 
Availability server poll interval. 


Client 


Section 66.2.1, “Creating a Updated the client installation instructions when using ZENworks. 
GroupWise Client Application 
Object,” on page 1096 


Security Administration 


Section 71.2.5, “Installing the Improved the description of the files that need to be installed. 
Certificate on the Server,” on 
page 1128 


1182 GroupWise 7 Administration Guide 


September 29, 2006 


Location Change 

Users 

Section 14.3.5, “Excluding Explained how to suppress global signatures on a selected domain, 
Global Signatures,” on post office, or user. 

page 222 


Section 14.4.4, “Preparing fora Emphasized the use of GroupWise® Check when preparing for a user 
User Move,” on page 224 move. 


Section 14.4.5, “Moving a Recommended connecting to the domain that owns the destination post 
GroupWise Account to Another office where you are moving the user. 

Post Office in the Same 

eDirectory Tree,” on page 225 


Databases 

Section 34.1, “GroupWise Cautioned against running GWCheck over cross-platform connections 
Check,” on page 423 to the GroupWise databases that are being checked and repaired. 
“Running TSAFSGW on Corrected the default location for the TSAFSGW temporary directory. 
NetWare” on page 442 

Post Office Agent 

Section 36.3.1, “Securing Clarified how the POA handles internal vs. external users. 


Client/Server Access through a 
Proxy Server,” on page 496 


Section 36.3.4, “Providing Added a link to a TID with details for handling LDAP authentication in 
LDAP Authentication for the context of multiple eDirectory™ trees. 

GroupWise Users,” on 

page 501 


Section 37.1.1, “Monitoring the Clarified how the POA thread count is displayed in the Status box. 
POA from the POA Server 
Console,” on page 515 


Internet Agent 


Section 46.1.1, “Configuring Clarified that one SMTP thread is equivalent to one connection. 
Basic SMTP/MIME Settings,” 
on page 717 


Section 47.2.2, “Access Mentioned white lists in contrast to blacklists. 
Control Lists,” on page 759 


WebAccess Agent 


Section 53.3.4, “Assigning a Added information about how this setting is used to select an 
Default WebAccess Agent toa appropriate default WebAccess Agent for a post office. 
Post Office,” on page 865 
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Location Change 


Section 54.1.6, “Binding the Indicated that this can be accomplished using the /ip startup switch. 
WebAccess Agent to a Specific 
IP Address,” on page 878 


Monitor Agent 


Section 59.5.2, “Customizing | Added an example of a useful MTA threshold to check for. 
Notification Thresholds,” on 
page 981 


Section 66.2.1, “Creating a Added information on how to install the iisscript.msi as a dependency 
GroupWise Client Application when doing a GroupWise ZENworks installation of the Windows client. 
Object,” on page 1096 


Section 66.2.2, “Using Changed the path to the GroupWise Tuner utility. 
GroupWise 7 Tuner,” on 
page 1099 


Client 


Section 65.1, “Client Options Added information about how locking settings affects the override 
Summary,” on page 1045 hierarchy. 


Security Policies 


Section 81.6, “Protecting Added suggestions for securing trusted applications. 
Trusted Applications,” on 
page 1169 


1184 GroupWise 7 Administration Guide 


June 15, 2006 (GroupWise 7 SP 1) 


Location Change 


System 


Section 2.3, “ConsoleOne ina Added links to setup instructions for using ConsoleOne for cross- 
Multiple-Platform platform GroupWise administration. 
Environment,” on page 41 


Section 5.15, “Gateway Alias Added overview of the new Gateway Alias Migration utility. 
Migration,” on page 77 


Section 6.1.2, “Adding LDAP Provided steps to adding non-default LDAP fields to the GroupWise 
Fields to the Address Book,” on Address Book. 


page 87 

Section 7.1, “Client Explained that the GroupWise client user guides are not translated into 

Languages,” on page 105 all of the languages into which the software is translated and linked to a 
list of languages in which the client user guides are available; indicated 
that 20 MB of disk space is required for each additional language that is 
installed on the user’s workstation. 

Domains 


Section 8.2.4, “Determining the Clarified that the Domain object can be created in any Organization or 
Context for the Domain Organizational Unit container in any context in the eDirectory Tree 
Object,” on page 114 


Section 8.2.5, “Choosing the Clarified that accented characters in the extended ASCII range can be 
Domain Name,” on page 116 used in domain names 


Post Offices 


Section 11.2.3, “Determining Clarified that the Post Office object can be created in any Organization 
the Context for the Post Office or Organizational Unit container in any context in the eDirectory Tree 
Object,” on page 158 


Section 11.2.4, “Choosing the Clarified that accented characters in the extended ASCII range can be 
Post Office Name,” on used in post office names 
page 160 


Section 12.3.4, “Restricting the Added information about message size restrictions between your 
Size of Messages That Users GroupWise system and the Internet. 
Can Send,” on page 185 


Section 12.6, “Refreshing the | Warned that customized view files that have the same names as 
Client View Files in the Post standard view files are now overwritten when you refresh the views for 
Office,” on page 195 a post office. 


Users 

Section 13.2.1, “Creating a Listed the characters that are invalid in GroupWise mailbox IDs 
Single GroupWise Account,” (usernames). 

on page 204 
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Location 


Section 13.2.2, “Creating 
Multiple GroupWise Accounts,” 
on page 206 


Section 13.3, “Creating 
GroupWise Accounts for Non- 
eDirectory Users,” on page 214 


Section 14.3, “Adding a Global 
Signature to Users’ 
Messages,” on page 219 


Section 14.4.4, “Preparing fora 
User Move,” on page 224 


Section 14.6.3, “Bypassing the 
GroupWise Password,” on 
page 233 


Resources 


Section 15.3, “Creating a New 
Resource,” on page 250 


Distribution Lists, Groups, 
and Organizational Roles 


Section 18.1, “Creating a New 
Distribution List,” on page 265 


Section 18.1, “Creating a New 
Distribution List,” on page 265 


Libraries and Documents 


Section 22.1.3, “Choosing the 
Library Name,” on page 300 


Databases 


Section 27.3, “Re-creating a 
User Database,” on page 388 


Section 30.2, “Reducing the 
Size of User and Message 
Databases,” on page 401 


Section 32.5.1, “Setting Up a 
Restore Area,” on page 413 


“Using Text-Based GWCheck 
(gwcheckt)” on page 427 


Section 34.2.2, “GroupWise 
Target Service Agent for File 
Systems (TSAFSGW) for 
NetWare 6.x/OES and Linux,” 
on page 439 
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Change 


Listed the characters that are invalid in GroupWise mailbox IDs 
(usernames). 


Listed the characters that are invalid in GroupWise object IDs 
(usernames); added a step for setting up LDAP authentication for 
external entity users. 


Added sections for the global signatures appended by the Internet 
Agent. 


Provided more detailed preparation instructions. 


Added an explanation of Novell Common Authentication Services 
Adapter (CASA). 


Clarified that accented characters in the extended ASCII range can be 
used in resource names 


Explained the Replication Override setting. 


Clarified that accented characters in the extended ASCII range can be 
used in distribution list names 


Clarified that accented characters in the extended ASCII range can be 
used in library names 


Emphasized how much information is lost when you re-create a user 
database. 


Clarified that unread items are not expired. 


Indicated that, for direct access to the restore area, users need File 
Scan rights along with Read and Write rights; indicated that if rights 
required for direct access have not been granted, the POA can retrieve 
requested items for the GroupWise client by way of TCP/IP. 


Added a section about text-based GWCheck (gwcheckt). 


Clarified that TSAFSGW automatically starts TSAFS if it is not already 
running; described the new GroupWise object discovery capability that 
identifies associated libraries and remote document storage areas 
when you specify a post office directory. 


Location Change 


“TSAFSGW Functionality” on | Removed the need to manually exclude the wpcsout and wpcsin 
page 440 directories from your backups; TSAFSGW does it for you now. 


Section 34.4.2, “Using DBCopy Added the -i switch, the -v switch, and the DBCopy log file. 
on Linux,” on page 456 


Section 34.4.3, “Using DBCopy Provided a link to the new NetWare® version of DBCopy. 
on Windows,” on page 457 


Post Office Agent 

Section 36.1.1, “Creating a Clarified that accented characters in the extended ASCII range can be 
POA Object in eDirectory,” on used in POA object names 

page 476 

Section 36.2.8, “Restricting Explained what happens if the message exceeds the limit; added a link 


Message Size between Post to other methods of message size restriction. 
Offices,” on page 495 


Section 36.3.1, “Securing Clarified the IP address to provide in the Proxy Server Address field. 
Client/Server Access through a 
Proxy Server,” on page 496 


“Regenerating QuickFinder Explained how to recreate QuickFinder indexes for a post office. 
Indexes” on page 528 


Section 38.3.3, “Customizing | Documented switches for controlling QuickFinder indexing to address 
Indexing,” on page 557 special needs. 


Section 39.64, “/mtpssl,” on Updated switch name from /msgtranssl to /mtpssl. 
page 588 


Message Transfer Agent 


Section 41.1.1, “Creating an Clarified that accented characters in the extended ASCII range can be 
MTA Object in eDirectory,” on used in MTA object names 


page 614 
Section 41.2.1, “Restricting Explained what happens if the message exceeds the limit; added a link 
Message Size between to other methods of message size restriction. 


Domains,” on page 628 


Section 41.4.2, “Enabling MTA Noted that some fields available on the Message Log Settings page of 
Message Logging,” on the MTA object in ConsoleOne are no longer supported by the MTA. 
page 643 


Internet Agent 


Section 45.3, “Transitioning Introduced the new Gateway Alias Migration utility. 
from SMTP Gateway Aliases to 

Internet Addressing,” on 

page 713 


Section 46.1.1, “Configuring Added two new settings: Kill Threads on Exit or Restart and Enable iCal 
Basic SMTP/MIME Settings,” Service. 
on page 717 


Section 46.1.4, “Determining Added two new settings: Default Global Signature to Insert in Outbound 
Format Options for Messages,” Messages and Apply Global Signature to Relay Messages. 
on page 723 
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Location 


Section 47.1.2, “Creating a 
Class of Service,” on page 748 


Chapter 52, “Using Internet 
Agent Startup Switches,” on 
page 813 


“Idefaultcharset” on page 832 


“limip” on page 826, “/ 
killthreads” on page 836,“/ 
relayaddsignature” on 
page 833 


WebAccess Agent 


Section 54.9, “Enabling Web 
Server Data Compression,” on 
page 913 


“laddrspacename” on 
page 954 


Section 57.2.12, “/log,” on 
page 957 


Monitor Agent 


Section 58.2, “Monitor Agent 
Web Console,” on page 965 


“Setting Up Regions” on 
page 1006 


Section 61.5.4, “Receiving the 
Accounting Files,” on 
page 1017 


Section 63.12, “/httpssl,” on 
page 1028 


Client 


“Environment Options: File 
Locations” on page 1056 


“Environment Options: Junk 
Mail’ on page 1060 


Section , “Send Options: Disk 
Space Management,” on 
page 1071 


“Send Options: Global 
Signature” on page 1072 


Security Administration 
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Change 


Explained what happens if the message exceeds the limit; added a link 
to other methods of message size restriction. 


Explained how the configuration settings in ConsoleOne and the 
switches in the gwia . cfg file interrelate now that all primary 
configuration settings are stored in the domain database rather than in 
the gwia.cfg file. 


Included examples where the character set name includes hyphens (-). 


Added three new switches. 


Explained how to enable data compression on your Web server to 
improve WebAccess performance. 


Added a new startup switch. 


Corrected the location of Viewer Agent log files on Linux. 


Indicated that agent groups can now be created and managed in the 
Monitor Agent Web console. 


Added instructions for setting up a region on an image map, so that a 
larger scale map can link to a smaller scale map. 


Added the default location for the Monitor Agent accounting files. 


Removed the enabled option; it is not needed. 


Added instructions for adding multiple Archive paths. 


Added instructions on how to enable or disable Junk Mail Handling. 


Added a link to other methods of message size restriction. 


Added instructions on how to select a global signature. 


Location Change 


Section 71.3, “Trusted Root Added instructions for exporting the trusted root certificate required to 
Certificates and LDAP set up LDAP authentication for GroupWise users. 
Authentication,” on page 1129 


Section 77.1.2, “Manually Made corrections to the rights table to list the properties associated with 
Granting eDirectory Rights,” on the POA object. 
page 1154 


Security Policies 


Part XVI, “Security Policies,” Added a new section about recommended practices for protecting the 
on page 1163 security of your GroupWise system. 
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November 30, 2005 


Location Change 

Databases 

Section 34.1.3, “Using Indicated that the GWCheck RPM is available in the /client subdirectory 
GWCheck on Linux,” on as well as the /admin subdirectory of your software distribution 

page 426 directory. 

Section 34.1.6, “Executing Added the /pa switch. 


GWCheck from a Windows 
Batch File,” on page 431 


Section 34.1.7, “Executing Added the --pa switch. 
GWCheck from a Linux Script,” 
on page 432 


Section 34.4.2, “Using DBCopy Corrected the path to the dbcopy executable. 
on Linux,” on page 456 


Post Office Agent 

Section 39.104, “/ Added the /soapsizelimit switch. 

soapsizelimit,” on page 600 

Section 39.109, “/user,” on Clarified the types of user to specify for NetWare, Linux, and Windows 
page 601 remote servers. 


Message Transfer Agent 


Section 43.2.2, “Adjusting MTA Indicated that gateways are also affected by the MTA scan cycle 
Polling of Input Queues in the settings. 

Domain, Post Offices, and 

Gateways,” on page 676 


Internet Agent 


Section 46.4.2, “Using Paging,” Corrected the pager e-mail address so that the /I and /b switches follow 
on page 746 the address. 


Section 48.3, “Binding the Added information about setting up the Internet Agent to use an 
Internet Agent to a Specific IP exclusive bind to a specified IP address. 
Address,” on page 771 


WebAccess Agent 


Section 53.3.4, “Assigning a Added information about how this setting is used to select an 
Default WebAccess Agent to a appropriate default WebAccess Agent for a post office. 
Post Office,” on page 865 


Section 53.3.5, “Assigning a Added information about how this setting is used to select an 
Default WebAccess Agent to a appropriate default WebAccess Agent for a domain. 
Domain,” on page 866 


Section 54.8, “Configuring the Clarified the locations of the document quarantine directory and the 
Document Viewer Agent,” on document cache directory. 
page 909 
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Location 


Section 56.4.3, “Controlling 
Document Viewer Agent 
Logging,” on page 943 


Client 


Section 65.2, “Setting Client 
Options,” on page 1049 


Section 66.2, “Using ZENworks 
Desktop Management to 
Distribute the GroupWise 
Windows Client,” on page 1095 


Section 66.2.2, “Using 
GroupWise 7 Tuner,” on 
page 1099 


Section 66.2.3, “Configuring 
ZENworks to Use a Transform 
File,” on page 1101 
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Change 


Added the default location of Viewer Agent log files. 


Clarified that setting a lock on an option setting at a higher level such as 
a post office overrides that option setting at a lower level such as a user. 


Clarified the section on how to use ZENworks® Desktop Management 
to distribute the GroupWise Windows Client. 


Added information on how to use GroupWise 7 Tuner to create a 
transform file. 


Added information on how to configure ZENworks to use a Transform 
file. 


